https://www.exploit-db.com/exploits/21426
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200206-039

Blahz-DNS是一款基于WEB的DNS信息管理工具，由PHP语言实现，可使用在Linux操作系统下。Blahz-DNS验证处理中存在漏洞，可导致远程攻击者绕过验证机制以管理员权限访问系统。Blahz-DNS只对登录页面实现验证处理，需要用户提供用户名和密码，攻击者可以通过直接调用Blahz-DNS中的其他脚本，就能绕过验证检查，无需密码以管理员权限全局访问Blahz-DNS所有功能如增加用户，改变用户等。

source: http://www.securityfocus.com/bid/4618/info

Blahz-DNS is a web based management tool for DNS information. It is implemented in PHP, and available for Linux systems.

By directly calling scripts included with Blahz-DNS, it is possible to bypass the authentication check, gaining full access to the Blahz-DNS tool.

http://www.example.com/dostuff.php?action=modify_user

来源:BID
名称:4618
链接:http://www.securityfocus.com/bid/4618
来源:XF
名称:blahzdns-auth-bypass(8951)
链接:http://www.iss.net/security_center/static/8951.php
来源:BUGTRAQ
名称:20020428Blahz-DNS:Authenticationbypassvulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=87004
来源:OSVDB
名称:5178
链接:http://www.osvdb.org/5178