TOPo v.2.2.178 Account Reset

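Vulnerability ID 1053171 Vulnerability type
Published 2006-07-26 Updated 2006-07-26
CVE ID CVE-2006-3833
CVE-2006-3834
CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2006070116
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit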
TOPo v.2.2.178 Account Reset

Author: Attila Gerendi (Darkz)

Date: July 12, 2006

Package: TOPo (http://ej3soft.ej3.net/)

Versions Affected: 2.2.178 (Other versions may also be affected.)

Severity: Password Reset

Description:

It is possible to override an existing entry by posting a new entry with a previous entry's ID.

The ID can be extracted from the links in the main window, e.g.:

http://[host]/[path]/index.php?m=top&s=out&ID=1152699749.6695

The new entry will override the original entry, and this also overrides the original password.

Another problem is the ID format xxxxxx.yyyy, where yyyy is the original (initial) password.

Solution:

TOPo development seems to be suspended by now. No new release since January 5, 2005.
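
The two flaws described above (a new submission accepted under an existing entry ID, and an ID that embeds the initial password) are avoided when the server generates opaque IDs itself and keeps create and update as separate operations. The following PHP is an added example, not TOPo code; `EntryStore`, its in-memory array and the demo values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not TOPo code. EntryStore and its in-memory array are
// hypothetical stand-ins for the application's entry storage.
final class EntryStore
{
    private array $entries = []; // id => ['site' => ..., 'pwhash' => ...]

    // Create: the server picks the ID and never accepts one from the client,
    // so a new submission cannot land on top of an existing entry.
    public function create(string $site, string $password): string
    {
        do {
            // 128 random bits: unlike "xxxxxx.yyyy", the ID carries no secret.
            $id = bin2hex(random_bytes(16));
        } while (isset($this->entries[$id]));
        $this->entries[$id] = [
            'site'   => $site,
            'pwhash' => password_hash($password, PASSWORD_DEFAULT),
        ];
        return $id;
    }

    // Update: a separate path that requires the current password.
    // An unknown ID is refused and never falls through to "create".
    public function update(string $id, string $current, string $site, ?string $new = null): bool
    {
        $entry = $this->entries[$id] ?? null;
        if ($entry === null || !password_verify($current, $entry['pwhash'])) {
            return false;
        }
        $this->entries[$id]['site'] = $site;
        if ($new !== null) {
            $this->entries[$id]['pwhash'] = password_hash($new, PASSWORD_DEFAULT);
        }
        return true;
    }
}

// Constructed demo values.
$store = new EntryStore();
$id = $store->create('http://site-a.example/', 'owner-secret');
var_dump($store->update($id, 'wrong-guess', 'http://other.example/', 'other-pw')); // caller knows only the public ID
var_dump($store->update($id, 'owner-secret', 'http://site-a.example/new'));        // caller proves ownership
```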