Reported August 11, 2000 by Adam Hupp
- Lyris List Manager 3.0 and 4.0
After logging in to the Lyris Web interface, a user a presented with a Web page that can be saved, modified in a particular manner, and the transmitted back to the server to gain administrative level access to the product.
Locate the HTML form field that reads:
<INPUT TYPE="hidden" NAME="list_admin" VALUE="F">
and change that VALUE definition to "T" as seen below:
<INPUT TYPE="hidden" NAME="list_admin" VALUE="T">
Submit the form to the Web server to gain administrator access
Lyris has released a patch that corrects this matter for versions 3.0 and 4.0.
Discovered by Adam Hupp