[24819] in bugtraq
Cookie vulnerability in Alguest guestbook (PHP)
daemon@ATHENA.MIT.EDU (MOD)
Mon Mar 25 16:30:01 2002
Message-ID: <000c01c1d31d$afef9170$812b1f3e@MATRIXHASYOU>
From: "MOD" <br014c1155@blueyonder.co.uk>
To: <bugtraq@lists.securityfocus.com>
Date: Sun, 24 Mar 2002 10:21:39 -0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Alguest is a guestbook programmed in PHP, there is a major flaw in it which
enables any user to access the admin panel. The script can be downloaded
from
http://www.hotscripts.com/cgi-bin/dload.cgi?ID=14105
It has a flaw in which cookie data isn't properly checked for administrator
rights (username, password), it only checks if the cookie is present
"elseif(isset($admin))" Therefore anyone can just create a cookie and gain
access to administrator privledges.
A solution might be this "elseif(isset($HTTP_COOKIE_VARS['admin'] ==
$password && $username))" but I haven't tested it so I can not guarantee it.
