sNews SNews.PHP Authentication Bypass Vulnerability
BID:22025
Info
sNews SNews.PHP Authentication Bypass Vulnerability
| Bugtraq ID: | 22025 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 12 2007 12:00AM |
| Updated: | Jan 12 2007 10:11PM |
| Credit: | rgod is credited with the discovery of this vulnerability. |
| Vulnerable: |
sNews sNews 1.5.30 sNews sNews 1.5.29 |
| Not Vulnerable: | |
Discussion
sNews SNews.PHP Authentication Bypass Vulnerability
sNews is prone to a vulnerability that may permit attackers to bypass the application's authentication mechanism.
Exploiting this issue may allow an attacker to bypass the authentication mechanism and to gain unauthorized access to the affected application. This may lead to other attacks.
sNews is prone to a vulnerability that may permit attackers to bypass the application's authentication mechanism.
Exploiting this issue may allow an attacker to bypass the authentication mechanism and to gain unauthorized access to the affected application. This may lead to other attacks.
Exploit / POC
sNews SNews.PHP Authentication Bypass Vulnerability
An attacker can exploit this issue via a web client.
Sample exploit code has been provided:
An attacker can exploit this issue via a web client.
Sample exploit code has been provided:
Solution / Fix
sNews SNews.PHP Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].