TOPo v.2.2.178 Account Reset

2006.07.26

Credit: darkz gsa gmail com

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-3833 | CVE-2006-3834

CWE: N/A

TOPo v.2.2.178 Account Reset
Author: Attila Gerendi (Darkz)
Date: July 12, 2006
Package: TOPo (http://ej3soft.ej3.net/)
Versions Affected: 2.2.178 (Other versions may also be affected.)
Severity: Password Reset
Description:
It is possible to overide an existing entry posting a new entry with a previous entry ID.
The ID can be extracted from the main window links ex:
http://[host]/[path]/index.php?m=top&s=out&ID=1152699749.6695
The new entry will overide the original entry, also this will overide the original password.
Another problem is the ID formath xxxxxx.yyyy where yyyy is the original (initial) password.
Solution:
TOPo development seen to be suspended by now. No new release from January 5 2005.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TOPo v.2.2.178 Account Reset

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.