wh-em.com upload 7.0 – Insecure Cookie Authentication Bypass

  • 作者: indoushka
    日期: 2010-02-16
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/33727/
  • source: https://www.securityfocus.com/bid/38610/info
    
    wh-em.com upload is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
    
    Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.
    
    wh-em.com upload 7.0 is vulnerable; other versions may also be affected. 
    
    The following example data is available:
    
    javascript:document.cookie="whem_Name=adm_user;path=/";
    javascript:document.cookie="whem_Password=adm_user;path=/";