which gives you a hash like '0e179250003459658275905707244744'.
Now you can log in with that specific salt and '0' as the cookie.
Best,
Karsten
[0] https://github.com/phpLiteAdmin/pla/blob/f3998704a846ddf71539092cd6fe84f2e9c35725/classes/Authorization.php#L40
On 23.04.2018
Hello,
I found a small issue in PHPLiteAdmin. It's an authorization bypass
which works since version 1.9.5 from 2014 (current is 1.9.7.1) because
PLA uses '==' instead of '===' for the password comparison in
'attemptGrant' of the 'Authorization' class. If the password is set to
one which correspon
. Credits
=========
The code review and the reverse engineering were done by Karsten König of
CIPHRON. Sebastian Horzela and Lennart Henke supported.
The Niedersachsen-CERT verified the findings of CIPHRON as an independent
party.
6. Greets
=========
Greets to the team of CIPHRON, especially Martin
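
The `==` versus `===` comparison described in the report, as an added example that is not phpLiteAdmin's code and not part of the original messages. The function names are hypothetical; the hash value is the one quoted in the thread, and the other inputs are constructed.

```php
<?php
// Added illustration; not phpLiteAdmin code. Function names are hypothetical.

// Hash value quoted in the thread: "0e" followed only by digits, so PHP
// treats it as a numeric string in scientific notation (0 x 10^n = 0).
const STORED_HASH = '0e179250003459658275905707244744';

// Pattern from the report: loose comparison. When both operands are numeric
// strings, == compares them as numbers, not as strings.
function check_loose(string $stored, string $supplied): bool
{
    return $supplied == $stored;
}

// Strict comparison: same type and same bytes, no numeric conversion.
function check_strict(string $stored, string $supplied): bool
{
    return $supplied === $stored;
}

// hash_equals() compares as strings as well and runs in constant time.
function check_constant_time(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied);
}

// Audit helper: flags stored hashes that == would evaluate as the number zero.
function is_numeric_zero_hash(string $hash): bool
{
    return preg_match('/^0+[eE][0-9]+$/', $hash) === 1;
}

// Constructed sample inputs: the '0' from the thread, the real value, a wrong value.
$candidates = ['0', STORED_HASH, 'not-the-hash'];
foreach ($candidates as $supplied) {
    printf(
        "%-36s loose=%-5s strict=%-5s hash_equals=%s\n",
        var_export($supplied, true),
        var_export(check_loose(STORED_HASH, $supplied), true),
        var_export(check_strict(STORED_HASH, $supplied), true),
        var_export(check_constant_time(STORED_HASH, $supplied), true)
    );
}
printf("stored hash is numeric zero: %s\n",
    var_export(is_numeric_zero_hash(STORED_HASH), true));
```

Only the loose check accepts `'0'`; the strict and `hash_equals()` checks accept nothing but the exact stored string.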