Auth Bypass in PHP SimpleNEWS, PHP SimpleNEWS MySQL

Summary

Vulnerability
Auth Bypass in PHP SimpleNEWS, PHP SimpleNEWS MySQL
Discovered
2006.03.10
Last Update
2006.05.04 Solution added
ID
EV0094
CVE
CVE-2006-1276
Risk Level
medium
Type
Unauthorized Data Modification
Status
Unpatched. No reply from developer(s)
Vendor
Himpfen Consulting Company (http://www.himpfenconsulting.com/)
Vulnerable Software
PHP SimpleNEWS, PHP SimpleNEWS MySQL (http://www.himpfenconsulting.com/code/php-simplenews/)
Version
1.0.0
PoC/Exploit
Available
Solution
Available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Unauthorized Data Modification found in PHP SimpleNEWS, PHP SimpleNEWS MySQL (http://www.himpfenconsulting.com/code/php-simplenews/) script.

Vulnerabe script: admin.php

To check if administrator logged in script use only one cookie variable: admin and dont make password comparison.

PoC/Exploit

Cookie value:

Cookie: admin=loggedin

Solution.

To fix this problem install or upgrade to latest version (with .htaccess)