Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11828
HistoryMar 16, 2006 - 12:00 a.m.

Invision Power Board v2.1.4 - session hijacking

2006-03-1600:00:00
vulners.com
10
JSON

Problem:

Invision Board v2.1.4 has a problem with sessions. Once it is
installed on a server where php is allowed to
use transparant sessions a session can be hijacked by other users.

Testing:

Once you visit a site where Invision Board is used the first click on
the Log In link points the visitor to a link with the session id in it:

index.php?s=<session_id>&act=Login&CODE=00

If you copy this session id, login and start a different browser (not
a new instance) then you only need to copy the session id url into
the different browser to login without giving the password and login
name.

Any links within the forum where the session_id is linked to the url
will enable other people (perhaps only
within the same network where the ipnumber is natted) to login when
users are online and logged in.

Reported:

Contacted the authors on march 1st, no response.
Contacted the author via the email address listed on this list, no
respons.

Regards,

Hans

JSON