Reported August 23, 2000 by
n30

VERSIONS AFFECTED
  • CGI Script Center's Subscibe Me - all Lite versions

DESCRIPTION

Administrative level access can be obtained to the product by overwriting the existing admistrator password by calling a specific URL and passing it the new password. 

DEMONSTRATION

The following form (provided by the discoverer) will reset the password to whatever is entered. Note: the form is non-funtional in its current state since no specific URL has been defined in the "action' tag.

Subscribe Me LITE Status: Admin Password Set Vulnerability Exploit

n30

Please enter the NEW Admin Pass:

password
confirmation


 
To Use Modify Source To Point to subscribe.pl on TARGET Server

mail-me

 

VENDOR RESPONSE

The problem has been fixed in Subscribe Me Lite version 2.0

CREDIT
Discovered by
n30