11 lines
No EOL
597 B
Text
11 lines
No EOL
597 B
Text
source: http://www.securityfocus.com/bid/4041/info
|
|
|
|
Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants.
|
|
|
|
Portix-PHP uses non-expiring cookies for session management. It is possible for a malicious user to manipulate values in their cookie to gain access to administrative pages on the web portal.
|
|
|
|
Successful hijacking of the administrative account will permit the malicious user to access all of the web portal's administrative facilities.
|
|
|
|
Change the values in the stored cookie to the following:
|
|
|
|
name=access value=ok |