EmiratesHost – Insecure Cookie Authentication Bypass

• Exploit Database
• 10 阅读

• 作者： jago-dz
  日期： 2010-02-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/33946/

• source: https://www.securityfocus.com/bid/39963/info
  
  EmiratesHost is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
  
  Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks. 
  
  The following example data is available:
  
  www.example.com/admin
  javascript:document.cookie="login=right;path=/";