28 Feb Security Advisory – SOS-11-002 – PHP Blog Insert Authentication Security Bypass
Release Date: 28-Feb-2011
Last Update: –
Vendor Notification Date: 14-Oct-2010
Product: PHP Blog Insert
Affected versions: All releases up to and including version 1.0.2
Severity Rating: High
Impact: Authentication security bypass
Attack Vector: Remote without authentication
Solution Status: No solution currently exists for this vulnerability
CVE reference: Not yet assigned
PHP Blog Insert is a simple blog engine designed to be inserted into an existing web site or application. It is written in PHP and uses a MySQL backend.
The application is vulnerable to an authentication bypass attack due to flawed and predictable access control and session management logic. The application assumes a user is authenticated as an administrator if a cookie is present within a web browser that is named the MD5 hash of the text string “admin”.
Successful exploitation of this vulnerability will result in an attacker gaining access to the administration functionality of the application without the use of valid credentials.
The software can be obtained from:
Please refer to the PDF version of this advisory for proof of concept code examples.
The vendor has not responded to our repeated email notifications and a private blog post on the author’s blog.
An updated release of PHP Blog Insert that corrects this vulnerability is not available.
Sense of Security Labs.