'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332)
Mark Stanislav - [email protected]
A vulnerability exists in the 'Pointter PHP Content Management System' authentication system which allows for administrative privileges by crafting two specific
cookies with arbitrary values.
1.0
Using whatever method you prefer, generate 'auser' and 'apass' cookies. The values of each cookie are irrelevant; the mere presence of the cookies provide the
administrative privilege.
http://www.pointter.com/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4332
http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/
11/23/2010 - Initial vendor disclosure e-mail sent
11/24/2010 - Reply from vendor informing me that my 'software manipulation' was illegal
11/24/2010 - Response to vendor regarding their accusation of illegal actions on my part
11/24/2010 - Reply from vendor stating that by releasing this information, I am committing a crime
11/24/2010 - Response to vendor that their software is CC-licensed and that their accusations are unfounded
11/24/2010 - Rebuttal from vendor again affirming I was breaking the law by disclosing this vulnerability
11/24/2010 - Reply to vendor again stating my intent to help the company and provide responsible disclosure
11/24/2010 - Response from vendor stating they would no longer respond and explained their stance on fixing this issue
11/24/2010 - Final reply to vendor stating that I was happy to work with them on a delayed disclosure if desired
12/15/2010 - Public disclosure