Reported August 11, 2000 by
Adam Hupp

VERSIONS AFFECTED
  • Lyris List Manager 3.0 and 4.0

DESCRIPTION

After logging in to the Lyris Web interface, a user is presented with a Web page that can be saved, modified in a particular manner, and then transmitted back to the server to gain administrative-level access to the product. The server trusts an authorization flag carried in a hidden form field instead of its own record of the user's privileges.

DEMONSTRATION

Locate the HTML form field that reads:

<INPUT TYPE="hidden" NAME="list_admin" VALUE="F">

and change that VALUE definition to "T" as seen below:

<INPUT TYPE="hidden" NAME="list_admin" VALUE="T">

Submit the modified form to the Web server to gain administrator access.
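The defect above is the server reading its authorization decision back from a hidden field the client controls. The following is an added example, not Lyris code, that models that handler beside the server-side fix and a simple tamper check; the field name list_admin and its "T"/"F" values are from the advisory, while SESSIONS, the handler names and the sample session ids are constructed.

```python
# Added example (not Lyris code): a minimal model of the flaw described in
# the advisory, beside the server-side fix. The field name list_admin and
# its "T"/"F" values come from the advisory; SESSIONS and the handlers are
# constructed for illustration.

# Constructed server-side session store: what the server itself knows about
# each logged-in user. This is the only trustworthy source of authorization
# state; nothing the browser sends back should override it.
SESSIONS = {
    "sess-user": {"user": "alice", "list_admin": False},
    "sess-admin": {"user": "bob", "list_admin": True},
}


def vulnerable_handler(session_id: str, form: dict) -> bool:
    """Models the reported defect: the server reads the admin flag back
    from the client-supplied hidden field. Returns True when the request
    is treated as coming from a list administrator."""
    if session_id not in SESSIONS:
        return False
    # Trusting "T"/"F" from the form lets any logged-in user claim admin.
    return form.get("list_admin", "F") == "T"


def hardened_handler(session_id: str, form: dict) -> bool:
    """Fix: ignore the client's copy of the flag and derive authorization
    from the server-side session bound to session_id."""
    session = SESSIONS.get(session_id)
    if session is None:
        return False
    # form may still carry list_admin; it is deliberately unused here.
    return bool(session["list_admin"])


def tampering_detected(session_id: str, form: dict) -> bool:
    """Detection aid: a request whose client-supplied list_admin disagrees
    with the server's own record is a sign the form was edited."""
    session = SESSIONS.get(session_id)
    if session is None or "list_admin" not in form:
        return False
    return (form["list_admin"] == "T") != bool(session["list_admin"])


if __name__ == "__main__":
    tampered = {"list_admin": "T"}  # constructed: hidden field edited F -> T
    print("vulnerable:", vulnerable_handler("sess-user", tampered))  # True
    print("hardened:", hardened_handler("sess-user", tampered))      # False
    print("tampered:", tampering_detected("sess-user", tampered))    # True
```

The tamper check is only a detection aid; the fix is to stop consulting the client-supplied flag at all, as hardened_handler does.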

VENDOR RESPONSE

Lyris has released a patch that corrects this matter for versions 3.0 and 4.0.

CREDIT
Discovered by
Adam Hupp