SecurityFocus has reported a vulnerability in admin.php that allows an attacker
to create a superuser or modify existing ones. Several solutions have been provided,
and I for one will check into them, but in the meantime I offer adding the following
to admin.php after the credits:
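    // Refuse any request whose query string names AddAuthor or UpdateAuthor
    // (stristr() matches case-insensitively).
    if (stristr($_SERVER["QUERY_STRING"], 'AddAuthor') || stristr($_SERVER["QUERY_STRING"], 'UpdateAuthor'))
    {
        die("Illegal Operation");
    }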
Neither op should pass through the URL anyway, so my first choice is to block
them.
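
To see whether such requests have already reached a site, the web server access log can be checked for admin.php requests that name either operation in the URL. The script below is an added example, not part of the original post; it assumes the Apache "combined" log format, and the log lines in it are constructed samples.

```python
import re
from urllib.parse import urlsplit, unquote

# Operations the post says should never arrive through the URL.
BLOCKED_OPS = ("addauthor", "updateauthor")

# Assumption: Apache "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def flag_admin_ops(lines):
    """Return (ip, timestamp, status, target) for each request to admin.php
    whose query string names a blocked operation."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/admin.php"):
            continue
        # Percent-decode and lowercase before matching, so the comparison is
        # made on the same text the application sees after parameter decoding.
        query = unquote(url.query).lower()
        if any(op in query for op in BLOCKED_OPS):
            hits.append((m.group("ip"), m.group("ts"),
                         m.group("status"), m.group("target")))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [01/Jan/2000:10:03:44 +0000] "GET /admin.php?op=AddAuthor HTTP/1.1" 200 312 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [01/Jan/2000:10:05:09 +0000] "POST /admin.php HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [01/Jan/2000:10:07:30 +0000] "GET /admin.php?op=updateauthor HTTP/1.1" 200 17 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for ip, ts, status, target in flag_admin_ops(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} {target}")
```

Any hit dated before the block was added to admin.php is a reason to review the authors table for accounts or privilege changes nobody on the team made.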