[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL

To: bt@xxxxxxxxx
Subject: Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Tue, 5 Apr 2011 20:17:38 -0500 (CDT)

: New eVuln Advisory:
: Cookie Auth Bypass in Hot Links SQL
: http://evuln.com/vulns/140/summary.html 

Already discovered and disclosed:

http://www.exploit-db.com/exploits/8684/

Published: 2009-05-14


: -----------------------[ Summary ]-------------------------
: eVuln ID: EV0140
: Software: Hot Links SQL 3
: Vendor: Mrcgiguy
: Version: 3.2.0
: Critical Level: high
: Type: Authentication Bypass
: Status: Unpatched. No reply from developer(s)
: PoC: Available
: Solution: Not available
: Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
: -----------------------[ Description ]----------------------
: Cookie Auth Bypass vulnerability found in Hot Links SQL 3. 
: It is possible to get access to admin panel without password comparison.
: --------PoC/Exploit--------
: PoC code is available at http://evuln.com/vulns/140/exploit.html 
: -----------------------[ Solution ]-------------------------
: Not available
: -----------------------[ Credit ]---------------------------
: Vulnerability discovered by Aliaksandr Hartsuyeu
: http://evuln.com/tools.html - Web Security Tools
:

Prev by Date: XSS Vulnerability in Redmine 1.0.1 to 1.1.1
Next by Date: Re: Multiple vulnerabilities in chCounter <= 3.1.3
Previous by thread: XSS Vulnerability in Redmine 1.0.1 to 1.1.1
Next by thread: Re: Multiple vulnerabilities in chCounter <= 3.1.3
Index(es):
- Date
- Thread