[Please upgrade if you use Open Journal -- Raju]

This is an RFC 1153 digest.
(1 message)

----------------------------------------------------------------------

Message-ID: <[EMAIL PROTECTED]>
From: "Tri Huynh" <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: [Full-Disclosure] Open Journal Blog Authentication Bypassing Vulnerability
Date: Fri, 6 Feb 2004 12:47:36 -0800

Open Journal Blog Authentication Bypassing Vulnerability
=================================================
PROGRAM: Open Journal
HOMEPAGE: http://www.grohol.com/downloads/oj/
VULNERABLE VERSIONS: 2.5 and below

DESCRIPTION
=================================================
OpenJournal is a completely Web-based interface (say bye-bye to FTP, manual archiving, etc.). Features include: automated file creation; automated index updating; editing of all files through a Web-based interface; entries with or without titles and time posted; automated archiving based on a weekly or monthly format. All done through ordinary text files, with no additional Perl modules needed to run it.

DETAILS
=================================================
By feeding specially crafted data into the uid parameter of the URL, an attacker can bypass the authentication process and directly access the software's control panel. The example below lets the hacker add a new user to the software account database.

http://www.test.com/cgi-bin/oj.cgi?db=default&uid=%00&userid=hacker&auth=adduser

WORKAROUND
=================================================
Open Journal's author (Dr John Grohol) has been contacted. A patched version (2.6) is ready for download on the website.

CREDITS
=================================================
Discovered by Tri Huynh from SentryUnion

DISCLAIMER
=================================================
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

FEEDBACK
=================================================
Please send suggestions, updates, and comments to: [EMAIL PROTECTED]

------------------------------

End of this Digest
******************

-- 
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
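Added example, not part of the original advisory or of Open Journal: a log check an administrator of a 2.5-or-older install could run to find requests to oj.cgi whose uid parameter decodes to a NUL or other control byte, as in the URL quoted in DETAILS. It generalizes from the single %00 value to any control byte; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample access-log lines (assumed combined log format).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Feb/2004:12:50:01 -0800] "GET /cgi-bin/oj.cgi?db=default&uid=alice&auth=view HTTP/1.0" 200 5120
192.0.2.44 - - [06/Feb/2004:12:51:17 -0800] "GET /cgi-bin/oj.cgi?db=default&uid=%00&userid=hacker&auth=adduser HTTP/1.0" 200 2048
192.0.2.44 - - [06/Feb/2004:12:51:30 -0800] "GET /cgi-bin/oj.cgi?db=default&uid=bob%00&auth=adduser HTTP/1.0" 200 2048
192.0.2.77 - - [06/Feb/2004:12:52:02 -0800] "GET /index.html?uid=%00 HTTP/1.0" 200 900
"""

# Client IP, then the request target inside the quoted request line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*"')


def has_control_byte(raw_value):
    """True if the percent-decoded value contains NUL or another control byte."""
    decoded = unquote_to_bytes(raw_value.replace("+", " "))
    return any(b < 0x20 or b == 0x7F for b in decoded)


def scan(log_text, script_name="oj.cgi"):
    """Return one finding per request to script_name with a suspicious uid."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/" + script_name):
            continue
        # Split the query by hand so the raw, still-encoded values are kept.
        params = [p.partition("=") for p in url.query.split("&") if p]
        bad = [v for k, _, v in params if k == "uid" and has_control_byte(v)]
        if bad:
            auth = [v for k, _, v in params if k == "auth"]
            findings.append({
                "line": lineno,
                "ip": m.group("ip"),
                "uid_raw": bad[0],
                "auth": auth[0] if auth else None,
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with auth=adduser is worth cross-checking against the journal's user list for accounts nobody on the site created.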