| Title | OUSL-GROUP-BrinaryBrains School-Student-Management-System 1.0 Authentication Bypass |
|---|
| Description | The application supports automatic login restoration through a cookie named `school_auth`. The `MY_Controller` constructor unconditionally attempts to recover a user session from this cookie via `restore_auth_session_from_cookie()`. The cookie’s integrity is protected by an HMAC-SHA256 signature generated by the method `sign_auth_cookie()`:
```php
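protected function sign_auth_cookie($role, $user_id)
{
    // HMAC-SHA256 over "role:user_id" (role lowercased, ID cast to int),
    // keyed with the application's `encryption_key` config item.
    return hash_hmac('sha256', strtolower($role) . ':' . (int) $user_id, (string) $this->config->item('encryption_key'));
}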
``` |
|---|
| Source | ⚠️ https://github.com/OUSL-GROUP-BrinaryBrains/School-Student-Management-System/issues/24 |
|---|
| User | Akirazz (UID 97888) |
|---|
| Submission | 2026-05-04 10:54 PM (1 month ago) |
|---|
| Moderation | 2026-05-30 11:31 AM (26 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 367421 [OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 MY_Controller Login.php sign_auth_cookie role weak authentication] |
|---|
| Points | 20 |
|---|