what you don't know can hurt you

PHPCollab 2.5 Unauthenticated Access

PHPCollab 2.5 Unauthenticated Access
Posted May 23, 2012
Authored by team ' and 1=1--

PHPCollab version 2.5 fails to properly block access to data on the system.

tags | exploit, bypass
MD5 | bc86a1653dea13519ffa3cf29b1445e8

PHPCollab 2.5 Unauthenticated Access

Change Mirror Download
# Date: 3/5/2012
# Author: team ' and 1=1--
# Software Link: http://www.phpcollab.com/
# Version: 2.5
# Vulnerability was found during the AthCon IT Security Conference CTF
#CTF organizer: echothrust

We identified that the PhpCollab application installed under
http://192.0.0.2/phpcollab/ allows the unauthenticated access of all
authenticated content. Specifically when requesting a URL that requires
authentication, such as:
http://192.0.0.2/phpcollab/clients/listclients.php, the server responds
with a redirect (location header) to '../index.php?session=false', which
displays a session error and the login form. However upon inspecting the
response of the request, we can clearly see that all the application data
is returned. This issue allows us to access a number of PhpCollab pages
without any authentication (it must be noted that some of the
administration pages are not available when exploiting the issue). As an
example by using the following command an attacker can retrieve the phpinfo
of the server:
curl -i http://192.0.0.2/phpcollab/administration/phpinfo.php
phpinfo reveals that the system is:
Linux lamp.acmesec.fake 3.1.0-7.fc16.i686.PAE #1 SMP Tue Nov 1 20:53:45 UTC
2011 i686

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    4 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close