Bugtraq mailing list archives
Sahana 0.6.2.2 Authentication Bypass
From: Christopher <vooduhal () gmail com>
Date: Wed, 17 Mar 2010 12:54:30 -0400
Ability to completely disable authentication via stream.php and commented out module authentication code within it. http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl Authenticates correctly. http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl Does not.
Current thread:
- Sahana 0.6.2.2 Authentication Bypass Christopher (Mar 17)