• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SmartSiteCMS Admin.PHP Authentication Bypass Vulnerability

SmartSiteCMS is prone to an authentication-bypass vulnerability because the affected script fails to verify cookies properly and to perform other authentication checks. This lets a malicious user simply create an appropriately named cookie that allows administrative access to the application.

An attacker can exploit this issue to bypass authentication and gain admin access to the affected application. This could aid in further attacks on the affected computer.

SmartSiteCMS v 1.0 is vulnerable. Earlier Beta versions may also be affected.