SudBox Boutique 1.2 - 'login.php' Authentication Bypass
| EKU-ID: 28101 | CVE: | OSVDB-ID: |
| Author: frog | Published: 2003-05-21 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28101 | CVE: | OSVDB-ID: |
| Author: frog | Published: 2003-05-21 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7651/info A vulnerability has been reported for SudBox Boutique. The problem occurs due to insufficient initialization of variables and may allow an unauthorized user to gain authenticate. Specifically, by making a malicious request to the login.php script it may be possible to authenticate as the administrative user. http://www.example.org/admin/login.php?check=1&admin=1