Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass

EDB-ID:

26055

CVE:

N/A


Author:

VaLiuS

Type:

webapps


Platform:

PHP

Date:

2005-07-30


source: https://www.securityfocus.com/bid/14429/info

Ragnarok Online Control Panel (ROCP) is prone to a vulnerability that may let remote attackers bypass user authentication. This issue is related to how PHP variables are handled, letting an attacker influence a variable that is used to check user authentication.

Exploitation could yield administrative access to the ROCP site.

This issue may be exclusive to sites hosting ROCP with Apache Web server. This has not been confirmed. 

http://www.example.com/CP/account_manage.php/login.php