Bugtraq mailing list archives

Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL


From: security curmudgeon <jericho () attrition org>
Date: Tue, 5 Apr 2011 20:17:38 -0500 (CDT)


: New eVuln Advisory:
: Cookie Auth Bypass in Hot Links SQL
: http://evuln.com/vulns/140/summary.html 

Already discovered and disclosed:

http://www.exploit-db.com/exploits/8684/

Published: 2009-05-14


: -----------------------[ Summary ]-------------------------
: eVuln ID: EV0140
: Software: Hot Links SQL 3
: Vendor: Mrcgiguy
: Version: 3.2.0
: Critical Level: high
: Type: Authentication Bypass
: Status: Unpatched. No reply from developer(s)
: PoC: Available
: Solution: Not available
: Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
: -----------------------[ Description ]----------------------
: Cookie Auth Bypass vulnerability found in Hot Links SQL 3. 
: It is possible to get access to admin panel without password comparison.
: --------PoC/Exploit--------
: PoC code is available at http://evuln.com/vulns/140/exploit.html 
: -----------------------[ Solution ]-------------------------
: Not available
: -----------------------[ Credit ]---------------------------
: Vulnerability discovered by Aliaksandr Hartsuyeu
: http://evuln.com/tools.html - Web Security Tools
: 

