Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Latest announcements
© Copyright Sense of Security

Security Advisory – SOS-11-002 – PHP Blog Insert Authentication Security Bypass

Release Date: 28-Feb-2011

Last Update:

Vendor Notification Date: 14-Oct-2010

Product: PHP Blog Insert

Platform: Independent

Affected versions: All releases up to and including version 1.0.2

Severity Rating: High

Impact: Authentication security bypass

Attack Vector: Remote without authentication

Solution Status: No solution currently exists for this vulnerability

CVE reference: Not yet assigned

Details

PHP Blog Insert is a simple blog engine designed to be inserted into an existing web site or application. It is written in PHP and uses a MySQL backend.

The application is vulnerable to an authentication bypass attack due to flawed and predictable access control and session management logic. The application assumes a user is authenticated as an administrator if a cookie is present within a web browser that is named the MD5 hash of the text string “admin”.

Successful exploitation of this vulnerability will result in an attacker gaining access to the administration functionality of the application without the use of valid credentials.

The software can be obtained from:

http://sourceforge.net/projects/php-blog-insert/

Please refer to the PDF version of this advisory for proof of concept code examples.

Solution

The vendor has not responded to our repeated email notifications and a private blog post on the author’s blog.

An updated release of PHP Blog Insert that corrects this vulnerability is not available.

Discovered By

Sense of Security Labs.

Our expert consultants are here to help you. For all your Cyber Security needs please contact us today.

No Comments

Sorry, the comment form is closed at this time.