Auth Bypass in PHP SimpleNEWS, PHP SimpleNEWS MySQL
Summary
- Vulnerability
- Auth Bypass in PHP SimpleNEWS, PHP SimpleNEWS MySQL
- Discovered
- 2006.03.10
- Last Update
- 2006.05.04 Solution added
- ID
- EV0094
- CVE
- CVE-2006-1276
- Risk Level
- medium
- Type
- Unauthorized Data Modification
- Status
- Unpatched. No reply from developer(s)
- Vendor
- Himpfen Consulting Company (http://www.himpfenconsulting.com/)
- Vulnerable Software
- PHP SimpleNEWS, PHP SimpleNEWS MySQL (http://www.himpfenconsulting.com/code/php-simplenews/)
- Version
- 1.0.0
- PoC/Exploit
- Available
- Solution
- Available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Unauthorized Data Modification found in PHP SimpleNEWS, PHP SimpleNEWS MySQL (http://www.himpfenconsulting.com/code/php-simplenews/) script.
Vulnerabe script: admin.php
To check if administrator logged in script use only one cookie variable: admin and dont make password comparison.
PoC/Exploit
Cookie value:
Cookie: admin=loggedin
Solution.
To fix this problem install or upgrade to latest version (with .htaccess)