OVH data canter control panel session fixation vulnerability

2015.12.06

Credit: Al-mamon rasool abdali hussain

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

credit Al-mamon rasool abdali hussain
# Exploit Title: OVH data center control panel session fixation vulnerability
# Exploit Author: Al-mamon rasool abdali hussain
# Vendor Homepage: ovh.com
# Tested on: https://ca.ovh.com
the well khnown french data center its users control panel suffer from
session fixation vulnerability the cp of ovh send the uniq session through url like these
https://ca.ovh.com/manager/index.html?csid=2xo38
the session parameter is csid
while its small char size its easy to be brute forced
also the cp will log you out after 1 min if you just open the url to stay connected and not been kiked out just go ro
biling and try click all its item the session will be re-auth you and you gain full access now

References:

https://ca.ovh.com/manager/index.html?csid=2xo38

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OVH data canter control panel session fixation vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.