Bugtraq mailing list archives

Lyris List Manager Administration Hole
From: Adam Hupp <hupp () UPL CS WISC EDU>
Date: Fri, 11 Aug 2000 22:43:07 -0500

Versions 3 and 4 of the Lyris List Manager allow any mailing list
subscriber to gain access to the administrative interface of that list.
After a user has logged in, they may modify the generated web page as
follows to gain access:

Save the HTML to disk, and add the full path to the server into the FORM
tag. This allows it to be submitted when loaded from disk.  Next, change
the value of

<INPUT TYPE="hidden" NAME="list_admin" VALUE="F">

to a "T".  When the page is loaded back in the browser the user has
complete access to all list administrator functions.  

Lyris has been notified, and a fix is available at
http://www.lyris.com/lm/lm_updates.html


-Adam

Note: I am not a representative of Lyris
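
The post above describes a server that reads its authorization decision back from a client-editable hidden field (list_admin). The following is an added example, not part of the original post and not Lyris code: it contrasts that pattern with a server-side role lookup and flags a mismatch as a tamper signal. The session store, list name, addresses and function names are assumptions made for illustration.

```python
import secrets

# Constructed sample data: the server's own record of list administrators.
LIST_ADMINS = {"announce": {"owner@example.org"}}
SESSIONS = {}  # session token -> authenticated e-mail address


def login(email):
    """Issue an unguessable session token bound to the authenticated user."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = email
    return token


def is_admin_trusting_form(form):
    """Flawed pattern: the privilege flag is whatever the client sends back."""
    return form.get("list_admin") == "T"


def is_admin_server_side(form):
    """Hardened pattern: derive the role from server state only.

    Returns (admin, tampered). The client's list_admin value never grants
    access; it is only compared with the server's answer for logging.
    """
    email = SESSIONS.get(form.get("session", ""))
    admins = LIST_ADMINS.get(form.get("list", ""), set())
    admin = email is not None and email in admins
    tampered = form.get("list_admin") == "T" and not admin
    return admin, tampered


def demo():
    """Run both checks on an edited subscriber form and a genuine owner form."""
    sub = login("subscriber@example.org")
    own = login("owner@example.org")
    edited = {"session": sub, "list": "announce", "list_admin": "T"}
    genuine = {"session": own, "list": "announce", "list_admin": "F"}
    return {
        "flawed_edited": is_admin_trusting_form(edited),
        "hardened_edited": is_admin_server_side(edited),
        "hardened_owner": is_admin_server_side(genuine),
    }


if __name__ == "__main__":
    print(demo())
```

The hardened check grants the owner access even when the form carries "F", because the hidden field is no longer an input to the decision.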
