Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12820
HistoryMay 26, 2006 - 12:00 a.m.

[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie

2006-05-2600:00:00
vulners.com
18
JSON

[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie Vulnerability

KAPDA New advisory

Vulnerable product : NewsCMSLite
Vendor: http://www.katywhitton.com
Vulnerability: Authentication Flaw in 'newsadmin.asp' Lets Remote User Gain Administrative Access .

Date :

Found : 2006/05/21
Vendor Contacted : N/A
Release Date : 2006/05/24

About NewsCMSLite :

NewsCMSLite is a simple, easy to use and effective Content Management System (CMS).
http://www.katywhitton.com/downloads/newsCMSlite/index.asp

Vulnerability:

The 'newsadmin.asp' script grants administrative privileges to the remote user if a certain cookie is set.
A remote user can set a cookie named 'loggedIn' with a value of 'xY1zZoPQ' to gain administrative privileges.

Solution:

No patch`s released yet by vendor.

Original Advisory:

http://www.kapda.ir/advisory-332.html

Credit :

FarhadKey of KAPDA
farhadkey [at} kapda <d0t> net
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir

JSON