PHProjekt 2.x/3.x Login Bypass Vulnerability

2002-04-25T00:00:00
ID EDB-ID:21421
Type exploitdb
Reporter Ulf Harnhammar
Modified 2002-04-25T00:00:00

Description

PHProjekt 2.x/3.x Login Bypass Vulnerability. CVE-2002-1757. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/4596/info

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

Some of the PHProjekt scripts are only intended to be accessed by users who have been authenticated. However, it has been reported that it is possible for an unauthenticated attacker to access these scripts via a specially crafted web request.

http://www.somehost.com/phprojekt/mail/mail_send.php/sms

where the extraneous "sms" is included to be passed to the $PHP_SELF variable as part of the PATH_INFO. This causes PHPProjekt to behave as though the attacker accessing the script is logged on to PHPProjekt as a legitimate user.