Burden不正确身份验证漏洞

2014-01-09T00:00:00
ID SSV:61308
Type seebug
Reporter Root
Modified 2014-01-09T00:00:00

Description

CVE ID:CVE-2013-7137

Burden是用PHP编写的一个全功能的任务管理应用程序。

该漏洞存在由于处理“burden_user_rememberme”cookie参数时没有足够的验证,远程未经认证的用户可以设置“burden_user_rememberme”cookie为“1”,并获得对应用程序的管理权限。 0 Burden<=1.8 厂商补丁:

Burden

Burden 1.8.1版本以修复此漏洞,建议用户下载使用:

https://github.com/joshf/Burden/releases/tag/1.8.1

                                        
                                            
                                                The exploitation example below shows HTTP GET request that grants administrative privileges to the user:
GET /login.php HTTP/1.1
Cookie: burden_user_rememberme=1;
The cookie can be also changed using a browser plugin such as Firebug for FireFox.