BugTraq
[eVuln.com] Cookie Auth Bypass in Hot Links SQL Nov 18 2010 11:22PM
bt evuln com (1 replies)
New eVuln Advisory:

Cookie Auth Bypass in Hot Links SQL

http://evuln.com/vulns/140/summary.html

-----------------------[ Summary ]-------------------------

eVuln ID: EV0140

Software: Hot Links SQL 3

Vendor: Mrcgiguy

Version: 3.2.0

Critical Level: high

Type: Authentication Bypass

Status: Unpatched. No reply from developer(s)

PoC: Available

Solution: Not available

Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

-----------------------[ Description ]----------------------

Cookie Auth Bypass vulnerability found in Hot Links SQL 3.

It is possible to get access to admin panel without password comparison.

--------PoC/Exploit--------

PoC code is available at http://evuln.com/vulns/140/exploit.html

-----------------------[ Solution ]-------------------------

Not available

-----------------------[ Credit ]---------------------------

Vulnerability discovered by Aliaksandr Hartsuyeu

http://evuln.com/tools.html - Web Security Tools

[ reply ]
Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL Apr 06 2011 01:17AM
security curmudgeon (jericho attrition org)


 

Privacy Statement
Copyright 2010, SecurityFocus