Vendor: dotproject
By: SecurityFocus
CVSS: 7.5 (HIGH)
Authentication Bypass
CWE: 287
Product Name: dotproject
Affected Version From: 1.0.0
Affected Version To: 1.0.2
Patch Exists: Yes
Related CWE: N/A
CPE: dotproject
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
dotproject Authentication Bypass Vulnerability
dotproject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software. This may be accomplished by submitting a maliciously crafted 'user_cookie' value either manually or via manipulation of URI parameters. This problem is due to the software relying on the user 'cookie_value' to authenticate the user.
Mitigation:
The vendor has released a patch to address this issue. Users should upgrade to the latest version of dotproject.