[26184] in bugtraq
Re: Hosting Controller Vulnerability
daemon@ATHENA.MIT.EDU (Ben M)
Mon Jul 15 19:06:11 2002
Date: 15 Jul 2002 05:07:42 -0000
Message-ID: <20020715050742.3284.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Ben M <webmaster@theratnerschool.org>
To: bugtraq@securityfocus.com
In-Reply-To: <20020714213121.A7F7E36F9@sitemail.everyone.net>
>Instead of using something like @stake web proxy, could you also save the
>html output of (/accounts/updateuserdesc.asp) locally and change username
>to administrator and re-submit the form?
I am not sure, it depends on how your browser handles the cookies. The
login cookie is a ASP session cookie.
>And how are they validating the user name after applying the patch ?
You can look at the patch, it is in ASP, so you can read it. All it does
is to select the users you have the rights to admin, and checks that the
user you are editing is one of those users.
>
>Regards,
>---------
>Muhammad Faisal Rauf Danka
>
>Chief Technology Officer
>Gem Internet Services (Pvt) Ltd.
>web: www.gem.net.pk
