
qcred11
QUOTE


Arhont Ltd.- Information Security
Arhont Advisory by: Konstantin Gavrilenko (http://www.arhont.com)
Advisory: Ph0rum phorum_uriauth replay attack
Class: design bug ?
Version: 4.3.7
Model Specific: Other version might have the same bug
Contact Date: 11/05/2004 (email sent to tomaz@phorum.org)

DETAILS:

It is possible to relogin into the previously not logged out sessions in
Ph0rum under certain conditions. Two criteria have to be fulfilled:
- the member has to leave the phorum without logging out.
- you have to intercept the hash of his not logged out session or grep
it out of web-server logs

e.g.
the intercepted URL or taken straight out of the apache logs
http://xxx.xxx.xxx/phorum/profile.php?f=1&...67f6daf1f35d45a
24a36355f4b1

post it into mozilla/Opera and you are in. Works both for ph0rum user
and admin.

Maybe it is worthwhile to add an auto-expire function for sessions?


Risk Factor: Low/Medium

Workarounds: Always log out :)
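
The auto-expire idea raised in the advisory, as an added example that is not part of the original post or Phorum's own code: a server-side session table with an idle timeout and an absolute lifetime, so a session hash recovered later from a web-server log no longer validates. The class name, the timeout values and the timestamps are assumptions chosen for illustration.

```python
import hashlib
import secrets

IDLE_TIMEOUT = 30 * 60          # assumed policy: 30 minutes without a request
ABSOLUTE_LIFETIME = 12 * 3600   # assumed policy: 12 hours since login


class SessionStore:
    """Server-side session table keyed by the SHA-256 of the token."""

    def __init__(self):
        self._sessions = {}  # token digest -> {"user", "created", "last_seen"}

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so the table itself holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, now):
        token = secrets.token_hex(16)
        self._sessions[self._digest(token)] = {
            "user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user name for a live session, else None."""
        key = self._digest(token)
        rec = self._sessions.get(key)
        if rec is None:
            return None
        idle = now - rec["last_seen"]
        age = now - rec["created"]
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_LIFETIME:
            del self._sessions[key]   # expired: a later replay fails as well
            return None
        rec["last_seen"] = now        # sliding idle window
        return rec["user"]

    def logout(self, token):
        self._sessions.pop(self._digest(token), None)


def demo():
    store = SessionStore()
    t0 = 1_000_000  # constructed timestamps, in seconds
    token = store.login("alice", t0)
    active = store.validate(token, t0 + 600)                # member still browsing
    replayed = store.validate(token, t0 + 600 + 3 * 3600)   # same token, hours later
    return active, replayed
```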

F34R
not bad... great info. :)