CVE-2009-1283

glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.

🔗 References (12)

• cve@mitrehttp://marc.info/?l=bugtraq&m=123877379105028&w=2
• cve@mitrehttp://retrogod.altervista.org/9sg_glfuso_sql_cookies.html
• cve@mitrehttp://secunia.com/advisories/34575
• cve@mitrehttp://www.glfusion.org/article.php/glfusion113
• cve@mitrehttp://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew
• cve@mitrehttps://www.exploit-db.com/exploits/8347
• af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=123877379105028&w=2
• af854a3a-2127-422b-91ae-364da2661108http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34575
• af854a3a-2127-422b-91ae-364da2661108http://www.glfusion.org/article.php/glfusion113
• af854a3a-2127-422b-91ae-364da2661108http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew
• af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/8347