PHPX Cookie PXL Value Modification Account Hijacking

2004-02-03T23:49:35
ID OSVDB:15661
Type osvdb
Reporter Manuel López (manegts@hotmail.com)
Modified 2004-02-03T23:49:35

Description

Vulnerability Description

PHPX contains a flaw that may allow a malicious user to hijack other accounts. The issue is triggered when an attacker modifies the cookie's PXL value and submits it to the site. This can be used to hijack arbitrary accounts including the administrative account.

Solution Description

Upgrade to version 3.2.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=107586932324901&w=2
ISS X-Force ID: 15052
CVE-2004-0249
Bugtraq ID: 9569