Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Privileg escalation in Omegasoft Insel 7

Privileg escalation in Omegasoft Insel 7

From: MC Iglo <mc.iglo_at_googlemail.com>
Date: Wed, 9 Jan 2008 15:52:16 +0100

Hi list,

Omegasoft's Insel 7 stores Cookies on your computer for identifying
the logged-in user.
As these Cookies do not contain any password hash but only the
username and some meaningless stuff you can easily get into the system
with another login.

this gets even more easy, as there is a conclusive error message on
failed login attempt.
If the user exists, you get a wrong password message.
It is possible to enumerate the users.

together, you can sign on as any user u want to without knowing the password.

Cookiename: OMEGALogon
value: [MANDATOR]%7C[CUSTOMERNUMBER]%7C[USERID]%7C%7CArial%7CArial%7C%2D%2D%2D%2D%2D%2D%7C[SURNAME]%2C+[NAME]%7C%7C%7C[LASTLOGINTIME]%7C

Cookiename: OMEGA[MANDATOR]
value: [USERID]%7C[CUSTOMERNUMBER]%7[HOST]%7C[DATE]%7C

Regards
MC.Iglo
Received on Jan 09 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]