phpaa cms 0day and fix-vulnerability warning-the black bar safety net

2010-10-27T00:00:00
ID MYHACK58:62201028203
Type myhack58
Reporter 佚名
Modified 2010-10-27T00:00:00

Description

Author:BlAck. Eagle

cookie spoofing

Vulnerabilityfile:/admin/global.php

  1. <? php
  2. /**
    • Background public profile
  3. *
    • For the background application is initialized, a background verify permissions, etc.
  4. */
  5. require_once '../data/config.inc.php'; //system initialization file
  6. require_once '../include/function.admin.php'; //background Public Library
  7. 1 0. //Backend login authentication 1 1. if (! isset($_COOKIE['userid']) empty($_COOKIE['userid'])){ //the programmer just determine the userid exists, of course, can be bypassed. Prevention while is the session authentication or the generation of a random number of the cookie 1 2. setcookie(lastURL,get_url());//last access address 1 3. header("Location: login.php"); 1 4. } 1 5. ?& gt;

Use way: by cookie&&sqlinjection tool forged userid=any value. Then visit/admin/index. php can into the background

Repair solutions:

For session authentication or to generate a random number cookie