Neuigkeiten:

still alive...

Hauptmenü

[Powie\"s PSCRIPT Forum] Cookie Data Vulnerability

Begonnen von , 15. Oktober 2004, 22:07:37

Vorheriges Thema - Nächstes Thema



Cookie Data Vulnerability
in
Powie\'s PSCRIPT Forum
Summary
Product             Powie\'s PSCRIPT Forum
Version              4.1.0 and mySQL
ii)    
name = puserpwd, value=
Proof of Concept
Install a new, clean version of PSCRIPT Pforum <= 1.26. Run pforum_createdb.php.
Create two cookies (User ID 1, Password = \'admin\', default setting):
i)      
name = puserid, value=1
ii)    
name = puserpwd, value=43e9a4ab75570f5b
Workaround
Deactivating \"Save Login\" by outcommenting lines 91 - 97 in logincheck.php
Risk Level
Medium High. Although the PSCRIPT Forum has some XSS-Weakpoints [1] and
Cookie Path Vulnerabilites, the \"Save Login\" is not mandatory.
Vendor
The Vendor was informed two month ago, but ignored the advisory.
 
http://dev.mysql.com/doc/mysql/en/Password_hashing.html
http://dev.mysql.com/doc/mysql/en/Encryption_functions.html
[1]
http://www.securityfocus.com/archive/1/371782/2004-08-13/2004-08-19/2




all your base are belong to us / Discord