BugTraq
[eVuln.com] Cookie Auth Bypass in Hot Links SQL Nov 18 2010 11:22PM
bt evuln com (1 replies)
Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL Apr 06 2011 01:17AM
security curmudgeon (jericho attrition org)

: New eVuln Advisory:
: Cookie Auth Bypass in Hot Links SQL
: http://evuln.com/vulns/140/summary.html

Already discovered and disclosed:

http://www.exploit-db.com/exploits/8684/

Published: 2009-05-14

: -----------------------[ Summary ]-------------------------
: eVuln ID: EV0140
: Software: Hot Links SQL 3
: Vendor: Mrcgiguy
: Version: 3.2.0
: Critical Level: high
: Type: Authentication Bypass
: Status: Unpatched. No reply from developer(s)
: PoC: Available
: Solution: Not available
: Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
: -----------------------[ Description ]----------------------
: Cookie Auth Bypass vulnerability found in Hot Links SQL 3.
: It is possible to get access to admin panel without password comparison.
: --------PoC/Exploit--------
: PoC code is available at http://evuln.com/vulns/140/exploit.html
: -----------------------[ Solution ]-------------------------
: Not available
: -----------------------[ Credit ]---------------------------
: Vulnerability discovered by Aliaksandr Hartsuyeu
: http://evuln.com/tools.html - Web Security Tools
:

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus