Hosting Controller dsp_newreseller.asp Session Generation Privilege Escalation

Network Security News – Monday, July 18, 2005 Events

Hosting Controller dsp_newreseller.asp Session Generation Privilege Escalation

Hosting Controller contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an authenticated user requests the dsp_newreseller.asp script and uses it to create a new session with elevated privileges.. Read more at osvdb.org/17906

PHPCounter prelims.php Path Disclosure

PHPCounter contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when a remote attacker makes a direct request to the prelims.php script without parameters, which will disclose the installation path resulting in a loss of confidentiality.. Read more at osvdb.org/17876

PHPCounter index.php EpochPrefix Variable XSS

PHPCounter contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'EpochPrefix' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17875

User Account Policy Password Never Changed/Expires

Some systems are configured so that user accounts have passwords that do not expire. This means a user can continue logging into the account with the same password indefinitely. This is considered by most to be a bad security practice as it may assist an attacker carry out brute force style attacks against the system, with a higher chance for success. In addition, if an attacker is able to get a password via a method such as 'trashing' or obtaining the hashed passwords, by the time they are able to try to login with it, the password may be changed. By requiring users to change their passwords frequently, it is more difficult for an attacker to carry out such attacks and significantly lowers the window of risk.. Read more at osvdb.org/755

User Account Policy Account Has Never Logged In

Some system administrators issue user accounts that end up never being used. A strong user account policy will make periodic checks for such accounts and delete them. These accounts can be a security concern as they provide an attacker with a significant advantage in brute force attacks. As users log onto a system, there is typically a message indicating where the last login was from, and/or how many failed login attempts there were before authenticating. If a user notices hundreds or thousands of failed login attempts, they can warn the administrator of suspicious activity. If a user account exists but is not used by anyone, such attacks may go unnoticed. As such, it is ideal if unused accounts or not only locked out, but deleted completely.. Read more at osvdb.org/754

User Account Policy Disabled Accounts

System administrators will often disable an account after it is no longer being used. This is intended to lock the account out so that it may not be used until the administrator re-enables it. Historically, there have been several vulnerabilities that affect system behavior in regards to disabled accounts. Such vulnerabilities have allowed attackers to log into these accounts by bypassing the lockout. Administrators may also make global account changes that inadvertantly affect disabled accounts.. Read more at osvdb.org/752

User Account Policy Password Cannot Be Changed

Some systems may have an account policy that does not allow a user to change their password. This may be due to poor configuration or even as a result of an overzealous security posture. User accounts that do not allow password changes may pose a higher risk to an organization. If such an account has the password compromised for whatever reason, the user is unable to change the password once the disclosure is discovered. This may give an attacker an increased window to login to the account before an administrator can change the password.. Read more at osvdb.org/751

oaboard posting.php Direct Request Path Disclosure

oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the posting.php script, which will disclose the full installation path resulting in a loss of confidentiality.. Read more at osvdb.org/17927

oaboard topics.php Direct Request Path Disclosure

oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the topics.php script, which will disclose the full installation path resulting in a loss of confidentiality.. Read more at osvdb.org/17926

oaboard profil.php Direct Request Path Disclosure

oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the profil.php script, which will disclose the full installation path resulting in a loss of confidentiality.. Read more at osvdb.org/17930