Exploit PHProjekt 2.x/3.x - Authentication Bypass

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21421
Проверка EDB
  1. Пройдено
Автор
ULF HARNHAMMAR
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2002-1757
Дата публикации
2002-04-25
Код:
source: https://www.securityfocus.com/bid/4596/info

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

Some of the PHProjekt scripts are only intended to be accessed by users who have been authenticated. However, it has been reported that it is possible for an unauthenticated attacker to access these scripts via a specially crafted web request.

http://www.somehost.com/phprojekt/mail/mail_send.php/sms

where the extraneous "sms" is included to be passed to the $PHP_SELF variable as part of the PATH_INFO. This causes PHPProjekt to behave as though the attacker accessing the script is logged on to PHPProjekt as a legitimate user.
 
Источник
www.exploit-db.com

Похожие темы