OpenJournal 2.0 - Authentication Bypassing

EDB-ID:

23659




Platform:

CGI

Date:

2004-02-06


source: https://www.securityfocus.com/bid/9598/info

It has been reported that OpenJournal is prone to an authentication bypass vulnerability. This issue is caused by the application failing to properly sanitize URI specified parameters. Successful exploitation of this issue may lead to remote attackers gaining unauthorized access to online journal files associated with the application, adding new users to the database as well as a number of other possibilities.

http://www.test.com/cgi-bin/oj.cgi?db=default&uid=%00&userid=hacker&auth=adduser