Burden 1.8 - Authentication Bypass Vulnerability

ID 1337DAY-ID-21749
Type zdt
Reporter High-Tech Bridge
Modified 2014-01-14T00:00:00


Exploit for php platform in category web applications

                                            Product: Burden
Vendor: Josh Fradley
Vulnerable Version(s): 1.8 and probably prior
Tested Version: 1.8
Advisory Publication:  December 18, 2013  [without technical details]
Vendor Notification: December 18, 2013
Vendor Patch: December 18, 2013
Public Disclosure: January 8, 2014
Vulnerability Type: Improper Authentication [CWE-287]
CVE Reference: CVE-2013-7137
Risk Level: High
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in application authentication mechanism in Burden, which can be exploited by remote non-authenticated attacker to gain administrative access to the vulnerable application.
1) Improper Authentication in Burden: CVE-2013-7137
The vulnerability exists due to insufficient authentication when handling "burden_user_rememberme" cookie parameter. A remote unauthenticated user can set "burden_user_rememberme" cookie to "1" and gain administrative access to the application.
The exploitation example below shows HTTP GET request that grants administrative privileges to the user:
GET /login.php HTTP/1.1
Cookie: burden_user_rememberme=1;
The cookie can be also changed using a browser plugin such as Firebug for FireFox.
Update to Burden 1.8.1
More Information:

#  0day.today [2018-02-27]  #