Family: CGI abuses --> Category: attack
TowerBlog Admin Bypass Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of the TowerBlog admin bypass
Detailed Explanation for this Vulnerability Test
The remote host is running TowerBlog, a single-user content management
system, written in PHP.
Due to a design error, an attacker may be granted administrative rights
by requesting the page '/?x=admin' while setting a cookie whose value
is 'TowerBlog_LoggedIn=1'.
See also : http://www.securiteam.com/unixfocus/5VP0G0KFFK.html
Solution : Disable this software
Risk factor: Medium