EmuLive Server4 Authentication Bypass And Denial Of Service Vulnerabilities

No exploit is required to leverage either of these issues. The following is a proof of concept URI request designed to bypass the administrator authentication:

http://www.example.com//PUBLIC/ADMIN/INDEX.HTM

Note that the '//' after 'http://www.example.com' is where a session ID would be presented; by providing no data between these slashes, a NULL session ID is used to authenticate the attacker.
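As an added example (not part of the original advisory and not vendor code), the following sketch flags access-log requests that reach the admin path with an empty session-ID segment, and shows a server-side check that never accepts an empty ID. The log format, session values, function names and the case-insensitive path match are assumptions made for illustration.

```python
import hmac
import re
from urllib.parse import unquote

ADMIN_PREFIX = ("PUBLIC", "ADMIN")  # path components taken from the URI on this page
# Assumption: Common Log Format style request field, e.g. "GET /path HTTP/1.1"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def session_segment(target):
    """Return the segment preceding PUBLIC/ADMIN, or None for non-admin requests."""
    path = target.split("?", 1)[0]
    if not path.startswith("/"):
        return None
    # Split first, then decode, so an encoded slash cannot shift the segments.
    parts = [unquote(p) for p in path.split("/")[1:]]
    # Assumption: the server matches path names case-insensitively.
    if len(parts) >= 3 and tuple(p.upper() for p in parts[1:3]) == ADMIN_PREFIX:
        return parts[0]
    return None

def is_null_session(target):
    """True when an admin request carries an empty (or blank/NUL-only) session ID."""
    seg = session_segment(target)
    return seg is not None and seg.strip(" \t\x00") == ""

def session_is_valid(segment, active_sessions):
    """Server-side check: an empty ID is rejected before any lookup happens."""
    if not segment or not segment.strip(" \t\x00"):
        return False
    return any(hmac.compare_digest(segment.encode(), s.encode())
               for s in active_sessions)

def flag_log_lines(lines):
    """Return the log lines whose request hits the admin path with no session ID."""
    matches = ((line, REQUEST_RE.search(line)) for line in lines)
    return [line for line, m in matches if m and is_null_session(m.group(1))]

# Constructed sample log lines (documentation addresses, invented session value).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /5f3a9c/PUBLIC/ADMIN/INDEX.HTM HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET //PUBLIC/ADMIN/INDEX.HTM HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /%20/public/admin/index.htm?x=1 HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2010:10:00:12 +0000] "GET /index.htm HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for hit in flag_log_lines(SAMPLE_LOG):
        print("empty session ID on admin path:", hit)
```

The path is split by hand rather than with `urllib.parse.urlsplit`, because a request target beginning with `//` would be parsed as a network location and the empty segment would be lost.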


 

Copyright 2010, SecurityFocus