Security Advisory – SOS-11-002 – PHP Blog Insert Authentication Security Bypass
Release Date: 28-Feb-2011
Last Update: –
Vendor Notification Date: 14-Oct-2010
Product: PHP Blog Insert
Platform: Independent
Affected versions: All releases up to and including version 1.0.2
Severity Rating: High
Impact: Authentication security bypass
Attack Vector: Remote without authentication
Solution Status: No solution currently exists for this vulnerability
CVE reference: Not yet assigned
Details
PHP Blog Insert is a simple blog engine designed to be inserted into an existing web site or application. It is written in PHP and uses a MySQL backend.
The application is vulnerable to an authentication bypass attack due to flawed and predictable access control and session management logic. It assumes a user is authenticated as an administrator if the web browser presents a cookie whose name is the MD5 hash of the text string “admin”.
Successful exploitation of this vulnerability will result in an attacker gaining access to the administration functionality of the application without the use of valid credentials.
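The access control pattern described above, beside a server-side session check that avoids it. This is an added PHP example, not code from PHP Blog Insert or from the advisory's proof of concept; the function names and the `$adminRecord` layout are assumptions, and the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
// Added illustration; not PHP Blog Insert source code.

// Flawed pattern as the advisory describes it: admin status is inferred from
// the mere presence of a cookie whose name is a fixed, publicly computable
// value. Nothing in the check depends on a secret or on a prior login.
function is_admin_flawed(array $cookies): bool
{
    return isset($cookies[md5('admin')]); // same name on every installation
}

// Hardened pattern: the cookie carries only a random session ID. The admin
// flag is stored server-side and set only after the password is verified.
function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,     // not readable from page scripts
        'secure'   => true,     // assumes the site is served over HTTPS
        'samesite' => 'Strict',
    ]);
    session_start();
}

// $adminRecord is a hypothetical database row:
// ['username' => string, 'password_hash' => output of password_hash()]
function login(string $user, string $password, array $adminRecord): bool
{
    $ok = hash_equals($adminRecord['username'], $user)
        && password_verify($password, $adminRecord['password_hash']);
    if ($ok) {
        session_regenerate_id(true);  // new ID on privilege change
        $_SESSION['is_admin'] = true; // state lives on the server only
    }
    return $ok;
}

// Authorization check for every administration page.
function is_admin(): bool
{
    return ($_SESSION['is_admin'] ?? false) === true;
}
```

Each administration page would call `start_secure_session()` first and refuse the request unless `is_admin()` returns true.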
The software can be obtained from:
http://sourceforge.net/projects/php-blog-insert/
Please refer to the PDF version of this advisory for proof of concept code examples.
Solution
The vendor has not responded to our repeated email notifications or to a private post on the author’s blog.
An updated release of PHP Blog Insert that corrects this vulnerability is not available.
Discovered By
Sense of Security Labs.