#23 Insecure Session

[L3b-r1'z]

Hello :D

I'm L3b-r1'z Bug Researcher :)

i found an bug in your last version of your project :D

look to file named config

if(!session_is_registered('phpcsl') &&
!isset($_GET['login']) && isset($_GET['act'])) {

if(!$_GET['act'] == "session") {
$ur = "index.php?login=y&q=".base64_encode(querystr());
header("Location: $ur");

your session is danger here :D

an attacker can add or edit or delete just to add in url

http://domain.tld/codesnippets/index.php?op=snips&act=add
add category

http://localhost/codesnippets/index.php?op=cats&act=add

http://localhost/codesnippets/index.php?op=cats&act=edit rename

attacker can add every thing without logged in to your project :D

Please Relase it before i share it :)

Contact : L3br1z@Gmail.com

Peace

[L3b-r1'z]

http://www.exploit4arab.com/exploits/155

[Johannes Pahl]

How would you correct this?
< $ur = "index.php?login=y&q=".base64_encode(querystr());

$ur = "index.php?login=y";