|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2934 CVE : CVE-2007-4047 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : joseph Published : 31.07.2007
Advisory Text : Geoblog v1. A vulnerability exists in geoblog version 1 (latest) that allows users to delete other peoples comments without administration credentials. It works on blogs too. Users can delete blogs without user credentials. The reason why is because the listcomments.php and deletecomments.php files fail to include checks for authenticity. The following proof of concept is as follows: www.example.com/blog/admin/listcomment.php?id=16 The ID being the blog ID obtained from the index. Using this we can go here... http://www.truegirlonline.net/blog/admin/deletecomment.php?id=16 And delete comments without any admin sosay. And the blog deletion. http://www.example.net/blog/admin/deleteblog.php?id=15 The fix presently would be to add checks for authenticity like the other files. if($_SESSION['login'] != "user_valid_and_logged_in") { header("Location: ../index.php"); }  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |