[sec-adv] AttilaPHP Authentication Bypass
From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Wed Aug 27 2003 - 09:21:00 CDT
TITLE:
AttilaPHP Authentication Bypass
SECUNIA ADVISORY ID:
SA9623
VERIFY ADVISORY:
http://www.secunia.com/advisories/9623/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
AttilaPHP 3.x
DESCRIPTION:
A vulnerability has been identified in AttilaPHP allowing malicious
people to bypass authentication.
The problem is that it is possible to manipulate the SQL query so
that the authentication check is always true. This can be done by
setting the "cook_id" parameter to "0 OR visiteur=1".
This has been reported to affect version 3.0.
SOLUTION:
Edit the source code so that input is handled correctly.
REPORTED BY / CREDITS:
frog-m
n
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
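Added example, not part of the Secunia advisory and not AttilaPHP's own code: a sketch of the flaw class described under DESCRIPTION and of the input handling that SOLUTION calls for. The table "membres", its "id" and "login" columns, the rows and both function names are assumptions made for illustration; only the "cook_id" parameter, the "visiteur" column name and the value "0 OR visiteur=1" come from the advisory.

```php
<?php
// Hypothetical schema and constructed rows; the real AttilaPHP query is not shown in the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE membres (id INTEGER PRIMARY KEY, login TEXT, visiteur INTEGER)');
$db->exec("INSERT INTO membres VALUES (1, 'admin', 1)");
$db->exec("INSERT INTO membres VALUES (2, 'alice', 0)");

// Flawed pattern: the cook_id value is pasted into the SQL text unquoted,
// so it can contribute operators and column names, not just a number.
function check_unsafe(PDO $db, string $cookId): bool
{
    $sql = "SELECT COUNT(*) FROM membres WHERE id = $cookId";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Corrected pattern: accept only a short run of decimal digits, then bind
// the value as an integer so it is only ever compared as data.
function check_safe(PDO $db, string $cookId): bool
{
    if (!preg_match('/^[0-9]{1,9}$/', $cookId)) {
        return false;
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM membres WHERE id = :id');
    $stmt->bindValue(':id', (int) $cookId, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn() > 0;
}

// A valid id, an unknown id, and the value quoted in the advisory.
$cases = ['1', '99', '0 OR visiteur=1'];
foreach ($cases as $value) {
    printf(
        "%-20s unsafe=%-5s safe=%s\n",
        var_export($value, true),
        var_export(check_unsafe($db, $value), true),
        var_export(check_safe($db, $value), true)
    );
}
```

With the advisory's value the unsafe query's WHERE clause becomes "id = 0 OR visiteur=1", which matches every row whose "visiteur" column is 1 regardless of the id supplied; the validated, bound version rejects the same value before any query runs.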