Owl Intranet Engine 0.7 - Authentication Bypass
| EKU-ID: 28076 | CVE: | OSVDB-ID: |
| Author: cdowns | Published: 2003-05-14 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28076 | CVE: | OSVDB-ID: |
| Author: cdowns | Published: 2003-05-14 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7595/info Owl has been reported prone to an authentication bypass vulnerability. The issue presents itself due to a lack of sufficient sanitization when checking the validity of usernames and passwords supplied to 'browse.php'. An attacker may exploit this condition to bypass the Owl authentication system. http://www.example.com/intranet/browse.php?loginname=whocares&parent=1&expand=1&order=creatorid&sortposted=ASC