Improper Authentication in Burden

2013-12-18T00:00:00
ID HTB23192
Type htbridge
Reporter High-Tech Bridge
Modified 2014-01-06T00:00:00

Description

High-Tech Bridge Security Research Lab discovered vulnerability in application authentication mechanism in Burden, which can be exploited by remote non-authenticated attacker to gain administrative access to the vulnerable application.

1) Improper Authentication in Burden: CVE-2013-7137
The vulnerability exists due to insufficient authentication when handling "burden_user_rememberme" cookie parameter. A remote unauthenticated user can set "burden_user_rememberme" cookie to "1" and gain administrative access to the application.
The exploitation example below shows HTTP GET request that grants administrative privileges to the user:
GET /login.php HTTP/1.1
Cookie: burden_user_rememberme=1;
The cookie can be also changed using a browser plugin such as Firebug for FireFox.