Home » Hacking News » MiniPortail admin.php authentication bypass vulnerability

MiniPortail admin.php authentication bypass vulnerability

by Mario Miri on May 19th, 2003 Authentication bypass vulnerability exists in MiniPortail. Specifically, admin.php can authenticate user by user controlled cookie data before verifying password.

Vulnerable:
MiniPortail 1.9
MiniPortail 2.0
MiniPortail 2.1
MiniPortail 2.2


Solution:
Unofficial patch is available:
http://www.comscripts.com/scripts/?script=1133
Currently there are no vendor supplied patches.


Discovered by:
Frog Man, [email protected]

From the forum

The forums are now OPEN AGAIN!

Xatrix.org © Copyright 2001-2016, Xatrix Security . All Rights Reserved
A feeling of aversion or attachment toward something is your clue that there's work to be done. - Ram Dass