Bugtraq mailing list archives
Privileg escalation in Omegasoft Insel 7
From: "MC Iglo" <mc.iglo () googlemail com>
Date: Wed, 9 Jan 2008 15:52:16 +0100
Hi list, Omegasoft's Insel 7 stores Cookies on your computer for identifying the logged-in user. As these Cookies do not contain any password hash but only the username and some meaningless stuff you can easily get into the system with another login. this gets even more easy, as there is a conclusive error message on failed login attempt. If the user exists, you get a wrong password message. It is possible to enumerate the users. together, you can sign on as any user u want to without knowing the password. Cookiename: OMEGALogon value: [MANDATOR]%7C[CUSTOMERNUMBER]%7C[USERID]%7C%7CArial%7CArial%7C%2D%2D%2D%2D%2D%2D%7C[SURNAME]%2C+[NAME]%7C%7C%7C[LASTLOGINTIME]%7C Cookiename: OMEGA[MANDATOR] value: [USERID]%7C[CUSTOMERNUMBER]%7[HOST]%7C[DATE]%7C Regards MC.Iglo
Current thread:
- Privileg escalation in Omegasoft Insel 7 MC Iglo (Jan 09)