geoBlog listcomments.php and deletecomments.php security bypass
| geoblog-listcomments-security-bypass (35494) |  Medium Risk |
Description:
BitDamaged (formerly geoBlog) could allow a remote attacker to bypass security restrictions, caused by missing authentication checks in the listcomments.php and deletecomments.php scripts. An attacker could exploit this vulnerability to obtain sensitive information and delete user comments.
Platforms Affected:
- geoBlog, geoBlog 1.0
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Bypass Security
References:
- BugTraq Mailing List, Thu Jul 19 2007 - 03:14:25 CDT, Geoblog v1 administrator bypass at http://archives.neohapsis.com/archives/bugtraq/2007-07/0198.html.
- SourceForge.net, BitDamaged, 100% Customizable Blog at http://sourceforge.net/projects/bitdamaged/. (geoBlog was officially taken off-line 12/22/2004. It is now part of the BitDamaged blog.)
- BID-24966: geoBlog Multiple Security Bypass Vulnerabilities
- CVE-2007-4047: geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.
Reported:
Jul 19, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net