Newbie CMS 0.0.2 – Insecure Cookie Authentication Bypass

  • Author: JIKO
    Date: 2010-02-25
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/33676/
  • source: https://www.securityfocus.com/bid/38421/info
    
    Newbie CMS is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
    
    Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.
    
    Versions prior to Newbie CMS 0.03 are vulnerable; other versions may also be affected. 
    
    Supplying the following cookie data is sufficient to exploit this issue:
    
    javascript:document.cookie="nb_logged=jiko;path=/newbb/admin/";
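
The advisory does not show the application's code, so the sketch below is an added example and not Newbie CMS source. It assumes the flaw is a check that trusts the mere presence of the `nb_logged` cookie, and contrasts that with a server-signed, expiring cookie. The function names, key and lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

COOKIE = "nb_logged"           # cookie name taken from the advisory
KEY = secrets.token_bytes(32)  # server-side secret (constructed for this demo)
TTL = 1800                     # assumed session lifetime in seconds


def weak_is_admin(cookies):
    # Assumed model of the flaw: any non-empty client-supplied value is trusted.
    return bool(cookies.get(COOKIE))


def _sign(user, expires, key):
    msg = f"{user}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_cookie(user, key=KEY, now=None):
    # Called only after the password check has succeeded.
    expires = int(now if now is not None else time.time()) + TTL
    return f"{user}|{expires}|{_sign(user, expires, key)}"


def hardened_is_admin(cookies, key=KEY, now=None):
    # Accept the cookie only if the server's MAC verifies and it is unexpired.
    try:
        user, expires, mac = cookies.get(COOKIE, "").split("|")
        expires = int(expires)
    except ValueError:          # wrong field count or non-numeric expiry
        return False
    good = _sign(user, expires, key)
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return False
    return expires > (now if now is not None else time.time())


if __name__ == "__main__":
    forged = {COOKIE: "jiko"}  # value shown in the advisory
    genuine = {COOKIE: issue_cookie("admin")}
    print("weak check, forged cookie:    ", weak_is_admin(forged))
    print("hardened check, forged cookie:", hardened_is_admin(forged))
    print("hardened check, issued cookie:", hardened_is_admin(genuine))
```

A random session identifier looked up in server-side storage achieves the same result; in both designs the cookie should also be set with the `HttpOnly` and `Secure` attributes.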