OVH data canter control panel session fixation vulnerability

2015.12.06

Credit: Al-mamon rasool abdali hussain

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

credit  Al-mamon rasool abdali hussain
# Exploit Title: OVH  data center  control panel  session fixation vulnerability

# Exploit Author: Al-mamon rasool abdali hussain
# Vendor Homepage: ovh.com
# Tested on: https://ca.ovh.com

the well khnown french  data center  its users control panel suffer from
session fixation vulnerability the  cp of ovh send the uniq session  through  url like these
https://ca.ovh.com/manager/index.html?csid=2xo38

the session parameter is csid
while its small char size its easy to be brute forced
also the cp will log you out  after 1 min if you just  open the  url  to stay  connected and not been  kiked out just go ro
biling and  try click  all its item  the session will be re-auth you and you gain full access now

References:

https://ca.ovh.com/manager/index.html?csid=2xo38

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OVH data canter control panel session fixation vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.