AlGuest Web-based Guestbook Lets Remote Users Access the Guestbook With Administrator Privileges

Date: Mar 25 2002

Impact: User access via network

Exploit Included: Yes

Version(s): 1.0

Description: An authentication vulnerability was reported in the AlGuest guestbook software. A remote user can gain administrator access to the guestbook.

It is reported that a remote user can create a cookie to gain administrator access to the guestbook. Apparently, the application only checks for the presence of a cookie named 'admin' and does not check to see if the remote user is properly authenticated and has proper rights.

Impact: A remote user can gain administrator access to the application.

Solution: No solution was available at the time of this entry.

Vendor URL: sourceforge.net/projects/alguest/

Cause: Authentication error, State error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Underlying OS Comments: PHP-based

Reported By: "MOD" <br014c1155@blueyonder.co.uk>

Message History:
None.

Source Message Contents

Date: Sun, 24 Mar 2002 10:21:39 -0000
From: "MOD" <br014c1155@blueyonder.co.uk>
Subject: Cookie vulnerability in Alguest guestbook (PHP)
Alguest is a guestbook programmed in PHP; there is a major flaw in it which
enables any user to access the admin panel. The script can be downloaded
from
http://www.hotscripts.com/cgi-bin/dload.cgi?ID=14105
It has a flaw in which cookie data isn't properly checked for administrator
rights (username, password); it only checks if the cookie is present
("elseif(isset($admin))"). Therefore anyone can just create a cookie and gain
access to administrator privileges.
A solution might be this "elseif(isset($HTTP_COOKIE_VARS['admin'] ==
$password && $username))" but I haven't tested it so I can not guarantee it.
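The PHP below is an added example, not AlGuest's code and not the fix proposed in the report. It models the check the advisory describes (a request is treated as the administrator as soon as a cookie named 'admin' exists, whatever its value) beside two hardened forms: a server-side session flag that is set only after the password is verified, and an HMAC-signed cookie that the client cannot forge. Under PHP's register_globals, a cookie named admin populated a variable $admin, which is what the reported elseif(isset($admin)) was testing. The names ADMIN_USER, $SECRET, isAdminVulnerable, isAdminSession, isAdminSignedCookie and the sample requests are assumptions constructed for this demonstration.

```php
<?php
// Added example modelling the AlGuest cookie check; not the project's code.
declare(strict_types=1);

// --- Constructed server-side configuration (placeholders, not real secrets) ---
const ADMIN_USER = 'admin';
// In real code the hash is computed once at setup and stored; done inline here so the script runs.
$ADMIN_HASH = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
// Placeholder HMAC key; a deployment would load 32 random bytes from configuration.
$SECRET = 'replace-with-32-random-bytes';

// Vulnerable check (the pattern the advisory describes): presence of the cookie
// is taken as proof of administrator rights, so any client can satisfy it.
function isAdminVulnerable(array $cookies): bool
{
    return isset($cookies['admin']);
}

// Hardened variant 1: the cookie proves nothing by itself. Administrator state
// lives in the server-side session and is set only after password_verify() succeeds.
function login(array $post, array &$session, string $adminHash): bool
{
    if (($post['username'] ?? '') === ADMIN_USER
        && password_verify((string) ($post['password'] ?? ''), $adminHash)) {
        $session['is_admin'] = true;
        return true;
    }
    return false;
}

function isAdminSession(array $session): bool
{
    return ($session['is_admin'] ?? false) === true;
}

// Hardened variant 2: if state must travel in the cookie, bind it to a server
// secret. Cookie value = "<user>.<HMAC-SHA256(user, secret)>".
function issueAdminCookie(string $user, string $secret): string
{
    return $user . '.' . hash_hmac('sha256', $user, $secret);
}

function isAdminSignedCookie(array $cookies, string $secret): bool
{
    $value = (string) ($cookies['admin'] ?? '');
    $dot = strrpos($value, '.');
    if ($dot === false) {
        return false;                       // malformed or forged: no signature part
    }
    $user = substr($value, 0, $dot);
    $mac  = substr($value, $dot + 1);
    $expected = hash_hmac('sha256', $user, $secret);
    // Constant-time comparison of the MAC, then confirm the signed identity is the admin account.
    return hash_equals($expected, $mac) && $user === ADMIN_USER;
}

// --- Demonstration with constructed requests ---
$forged  = ['admin' => 'anything'];                        // cookie present, arbitrary value
$genuine = ['admin' => issueAdminCookie(ADMIN_USER, $SECRET)];
$session = [];

var_dump(isAdminVulnerable($forged));            // the flaw: presence alone is accepted
var_dump(isAdminSignedCookie($forged, $SECRET)); // rejected: no valid signature
var_dump(isAdminSignedCookie($genuine, $SECRET));
var_dump(login(['username' => 'admin', 'password' => 'wrong'], $session, $ADMIN_HASH));
var_dump(isAdminSession($session));
var_dump(login(['username' => 'admin', 'password' => 'correct horse battery staple'], $session, $ADMIN_HASH));
var_dump(isAdminSession($session));
```

Only the vulnerable function accepts the forged cookie; the signed-cookie and session checks reject it until a real login or a server-issued signature is presented. The snippet proposed in the report wraps a comparison inside isset(), which PHP does not allow because isset() only accepts variables; the hardened functions above read the cookie value first and compare it separately, with hash_equals() so the comparison does not leak timing information.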