Unauthorized Data Modification in Magic Downloads
Summary
- Vulnerability
- Unauthorized Data Modification in Magic Downloads
- Discovered
- 2006.02.09
- Last Update
- 2006.02.20 Exploitation code published
- ID
- EV0073
- CVE
- CVE-2006-0722
- Risk Level
- medium
- Type
- Unauthorized Data Modification
- Status
- Unpatched. No reply from developer(s)
- Vendor
- Reamday Enterprises (http://reamdaysoft.com)
- Vulnerable Software
- Magic Downloads (http://reamdaysoft.com/customers/magic-downloads/download.html)
- Version
- 1.1.3
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Unauthorized Data Modification found in Magic Downloads (http://reamdaysoft.com/customers/magic-downloads/download.html) script.
Unauthorized Data Modification
Vulnerable script: settings.php
Variables $action $passwd $admin_password $new_passwd $confirm_passwd are not initialized and their values can be replaced by user-defined data. This can be used to make unauthorized modifications in config.php
Condition: register_globals = ON
PoC/Exploit
Unauthorized Data Modification Example
http://host/path/settings.php?action=change&passwd=1&admin_password=1&new_passwd=new&confirm_passwd=new
Solution.
Solution for "Unauthorized Data Modification in Magic Downloads" is not available. Check Reamday Enterprises website for updates.