Bugtraq mailing list archives
Cookie vulnerability in Alguest guestbook (PHP)
From: "MOD" <br014c1155 () blueyonder co uk>
Date: Sun, 24 Mar 2002 10:21:39 -0000
Alguest is a guestbook programmed in PHP, there is a major flaw in it which enables any user to access the admin panel. The script can be downloaded from http://www.hotscripts.com/cgi-bin/dload.cgi?ID=14105 It has a flaw in which cookie data isn't properly checked for administrator rights (username, password), it only checks if the cookie is present "elseif(isset($admin))" Therefore anyone can just create a cookie and gain access to administrator privledges. A solution might be this "elseif(isset($HTTP_COOKIE_VARS['admin'] == $password && $username))" but I haven't tested it so I can not guarantee it.
Current thread:
- Cookie vulnerability in Alguest guestbook (PHP) MOD (Mar 25)