phpRPG 0.8 /tmp Directory PHPSESSID Cookie Session Hijacking

2007-12-15T00:00:00
ID EDB-ID:30888
Type exploitdb
Reporter Michael Brooks
Modified 2007-12-15T00:00:00

Description

phpRPG 0.8 /tmp Directory PHPSESSID Cookie Session Hijacking. CVE-2007-6470. Webapps exploit for the PHP platform.

                                        
source: http://www.securityfocus.com/bid/26884/info

phpRPG is prone to two vulnerabilities:

- An SQL-injection vulnerability
- A vulnerability that lets remote attackers gain access to sessions.

Exploiting these issues may allow an unauthorized user to steal sessions, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects phpRPG 0.8.0; other versions may also be affected. 

http://www.example.com/phpRPG-0.8.0/tmp/
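
A defender-side check for the session exposure described above, as an added example that is not part of the original advisory: it reports whether a PHP session store resolves inside the web root, which is the condition the title and the /tmp/ URL point to. The directory layout, function names and session file are constructed for illustration; the `sess_` file prefix is the naming used by PHP's default file session handler.

```python
import tempfile
from pathlib import Path


def is_within(child: Path, parent: Path) -> bool:
    """True if child equals parent or lies beneath it, after resolving symlinks."""
    child_r, parent_r = child.resolve(), parent.resolve()
    return child_r == parent_r or parent_r in child_r.parents


def audit_session_storage(docroot: str, save_path: str) -> dict:
    """Report whether PHP session files would be reachable through the web server.

    Only path containment is checked; server rules such as deny directives
    or aliases that map outside directories into the site are not evaluated.
    """
    root, store = Path(docroot), Path(save_path)
    exposed = is_within(store, root)
    # PHP's file session handler writes one file per session, named sess_<id>.
    count = len(list(store.glob("sess_*"))) if store.is_dir() else 0
    findings = []
    if exposed:
        rel = store.resolve().relative_to(root.resolve()).as_posix()
        findings.append(f"session store is served under the web root at /{rel}/")
        if count:
            findings.append(f"{count} session file(s) currently stored there")
    return {"exposed": exposed, "session_files": count, "findings": findings}


def build_demo_tree(base: Path) -> tuple:
    """Constructed layout: one store inside the web root, one outside it."""
    docroot = base / "htdocs"
    inside = docroot / "phpRPG-0.8.0" / "tmp"
    outside = base / "php-sessions"
    for d in (inside, outside):
        d.mkdir(parents=True)
    (inside / "sess_CONSTRUCTEDEXAMPLEID").write_text("")
    return docroot, inside, outside


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        docroot, inside, outside = build_demo_tree(Path(tmp))
        for store in (inside, outside):
            print(store.name, audit_session_storage(str(docroot), str(store)))
```

To remediate a positive finding, point `session.save_path` at a directory outside the document root that only the PHP process user can read.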