BugTraq
[eVuln.com] Cookie authentication bypass in Alguest Dec 03 2010 10:34AM
bt evuln com
New eVuln Advisory:

Cookie authentication bypass in Alguest

Summary: http://evuln.com/vulns/152/summary.html

Details: http://evuln.com/vulns/152/description.html

-----------Summary-----------

eVuln ID: EV0152

Software: Alguest

Vendor: n/a

Version: 1.1c-patched

Critical Level: high

Type: Authentication Bypass

Status: Unpatched. No reply from developer(s)

PoC: Not available

Solution: Not available

Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

--------Description--------

Cookie-based authentication bypass is present in admin.php, opzioni.php, elimina.php, modifica.php scripts.

Administration functions are threatened.

--------PoC/Exploit--------

PoC code is available at:

http://evuln.com/vulns/152/exploit.html

---------Solution----------

Not available

----------Credit-----------

Vulnerability discovered by Aliaksandr Hartsuyeu

http://evuln.com/tool/php-security.html - php source analyzer

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus