
#23 Insecure Session

Status: open
Owner: nobody
Labels: General (15)
Priority: 5
Updated: 2018-04-19
Created: 2012-06-30
Creator: L3b-r1'z
Private: No

Hello :D

I'm L3b-r1'z, Bug Researcher :)

I found a bug in the last version of your project :D

Look at the file named config:

    if(!session_is_registered('phpcsl') &&
       !isset($_GET['login']) && isset($_GET['act'])) {

        // reported check: "!" binds before "==", so this never redirects
        if(!$_GET['act'] == "session") {
            $ur = "index.php?login=y&q=".base64_encode(querystr());
            header("Location: $ur");
        }
    }

Your session is in danger here :D

An attacker can add, edit or delete just by adding to the URL:

http://domain.tld/codesnippets/index.php?op=snips&act=add

Add category:

http://localhost/codesnippets/index.php?op=cats&act=add

Rename:

http://localhost/codesnippets/index.php?op=cats&act=edit

An attacker can add everything without being logged in to your project :D

Please release it before I share it :)

Contact : L3br1z@Gmail.com

Peace
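The following is an added example, not code from the CodeSnippets project or from the reporter. It models the guard from the config snippet as two standalone functions so the reported logic can be exercised from the PHP CLI without a web server: the first reproduces the check as posted, the second compares the act parameter itself with a strict comparison. The function names, the $sessionRegistered flag (standing in for session_is_registered, which was removed in PHP 5.4), and the use of http_build_query in place of the project's querystr() are assumptions made for this example.

```php
<?php
// Added example (not project code): two versions of the session guard from
// the reported config snippet, written as pure functions that return the
// login redirect target, or null when the request is allowed through.
// guardVulnerable, guardFixed and $sessionRegistered are hypothetical names.

// Reproduces the reported logic. "!" binds tighter than "==", so
// `!$get['act'] == "session"` first evaluates `!$get['act']` (false for any
// non-empty act value) and then compares that boolean with "session", which
// is truthy: false == true is false, so the redirect never fires. Every
// unauthenticated request carrying act=add, act=edit, ... is let through.
function guardVulnerable(array $get, bool $sessionRegistered): ?string
{
    if (!$sessionRegistered && !isset($get['login']) && isset($get['act'])) {
        if (!$get['act'] == "session") {
            // http_build_query stands in for the project's querystr() helper
            return "index.php?login=y&q=" . base64_encode(http_build_query($get));
        }
    }
    return null;
}

// Corrected guard: compare the parameter value itself, strictly. Any
// unauthenticated request that carries an action other than "session"
// is sent to the login page; the caller is expected to exit after the
// header() call so the action code below the check never runs.
function guardFixed(array $get, bool $sessionRegistered): ?string
{
    if (!$sessionRegistered && !isset($get['login']) && isset($get['act'])) {
        if ($get['act'] !== "session") {
            return "index.php?login=y&q=" . base64_encode(http_build_query($get));
        }
    }
    return null;
}

// Constructed requests mirroring the URLs in the report; no server involved.
$requests = [
    ['op' => 'snips', 'act' => 'add'],
    ['op' => 'cats',  'act' => 'add'],
    ['op' => 'cats',  'act' => 'edit'],
    ['op' => 'cats',  'act' => 'session'],
];

foreach ($requests as $get) {
    $query = http_build_query($get);
    printf("%-24s vulnerable: %-10s fixed: %s\n",
        $query,
        guardVulnerable($get, false) === null ? 'ALLOWED' : 'redirected',
        guardFixed($get, false) === null ? 'ALLOWED' : 'redirected');
}
```

Running it with `php guard.php` shows the three add/edit requests allowed by the posted check and redirected by the corrected one, while act=session passes both. The strict `!==` also avoids PHP's loose string-to-number coercion, which is a separate class of surprise from the precedence problem the report describes.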

Discussion

  • L3b-r1'z

    L3b-r1'z - 2012-06-30
  • Johannes Pahl

    Johannes Pahl - 2018-04-19

    How would you correct this?

        < $ur = "index.php?login=y&q=".base64_encode(querystr());

        $ur = "index.php?login=y";
