Blahz-DNS 0.2 - Direct Script Call Authentication Bypass

Author: ppp-design
type: webapps
platform: php
port: 
date_added: 2002-04-28  
date_updated: 2012-09-21  
verified: 1  
codes: CVE-2002-0599;OSVDB-5178  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21426.txt  

source: https://www.securityfocus.com/bid/4618/info

Blahz-DNS is a web based management tool for DNS information. It is implemented in PHP, and available for Linux systems.

By directly calling scripts included with Blahz-DNS, it is possible to bypass the authentication check, gaining full access to the Blahz-DNS tool.

http://www.example.com/dostuff.php?action=modify_user