Bugtraq
mailing list archives
Re: PHPXMAIL - Authentication Bypass
From: security () surefoot com
Date: Wed, 6 Jul 2005 14:04:10 -0600
Hi Steve
On Wednesday 06 July 2005 11:57, Steve <St> wrote:
Author: Stefan Lochbihler
Date: 6 July 2005
Affected Software: PHPXMAIL
Software Version: 0.7 -> 1.1
Software URL: http://phpxmail.sourceforge.net/
Attack: Authentication Bypass
[...details snipped...]
The problem occurs when we try to log in with an overlong password
because we get no response message from the server and the function doesn't
exit.
Now when we log in with a username like postmaster () localhost and an
overlong password
we bypass the error handler and successfully log in.
[...]
Solution: Maybe insert a maxsize tag to the passwords input field.
Discovered by Steve
Erm... a maxsize tag will not prevent the attack at all.
J
--
There is no such thing as fortune. Try again.
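
Added example, not part of the original message and not PHPXMAIL's code: a size attribute on the password field is enforced only by the browser, so the check has to run on the server, and a missing server reply has to count as a failed login. The function name, the 128-byte limit, the reply strings and the stand-in server are assumptions made for this illustration.

```php
<?php
// Added illustration; not PHPXMAIL code. All names here are hypothetical.
const MAX_PASSWORD_BYTES = 128; // assumed limit, enforced on the server

/**
 * $sendLogin stands in for the call that talks to the mail server.
 * It returns the server's reply line, or false/'' when nothing came back.
 * A leading "+" as the success marker is an assumption for this sketch.
 */
function check_login(string $user, string $password, callable $sendLogin): bool
{
    // Server-side length check: still applies when the client removes the
    // form attribute or posts the request without using the form at all.
    if ($user === '' || $password === '' || strlen($password) > MAX_PASSWORD_BYTES) {
        return false;
    }

    $reply = $sendLogin($user, $password);

    // Fail closed: a missing or empty reply is a failed login,
    // not "no error was reported".
    if (!is_string($reply) || $reply === '') {
        return false;
    }

    // Only an explicit success reply authenticates.
    return strncmp($reply, '+', 1) === 0;
}

// Constructed stand-in server: it goes silent on long input, which is the
// condition the advisory describes. The 64-byte threshold is made up.
$fakeServer = function (string $user, string $password) {
    if (strlen($password) > 64) {
        return false; // no response at all
    }
    return $password === 'correct-horse' ? '+OK' : '-ERR bad login';
};

// Constructed inputs: valid password, wrong password, a password the
// stand-in server stays silent on, and one over the server-side limit.
foreach (['correct-horse', 'wrong', str_repeat('A', 100), str_repeat('A', 5000)] as $pw) {
    printf("%d bytes: %s\n", strlen($pw),
        check_login('postmaster@localhost', $pw, $fakeServer) ? 'accepted' : 'rejected');
}
```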