Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13509
HistoryJul 13, 2006 - 12:00 a.m.

TOPo v.2.2.178 Account Reset

2006-07-1300:00:00
vulners.com
13
JSON

TOPo v.2.2.178 Account Reset

Author: Attila Gerendi (Darkz)
Date: July 12, 2006
Package: TOPo (http://ej3soft.ej3.net/)
Versions Affected: 2.2.178 (Other versions may also be affected.)
Severity: Password Reset

Description:

It is possible to overide an existing entry posting a new entry with a previous entry ID.
The ID can be extracted from the main window links ex:
http://[host]/[path]/index.php?m=top&s=out&ID=1152699749.6695
The new entry will overide the original entry, also this will overide the original password.
Another problem is the ID formath xxxxxx.yyyy where yyyy is the original (initial) password.

Solution:
TOPo development seen to be suspended by now. No new release from January 5 2005.

JSON