Maian Weblog 'weblog_cookie' Authentication Bypass Vulnerability
BID:30209
Info
Maian Weblog 'weblog_cookie' Authentication Bypass Vulnerability
| Bugtraq ID: | 30209 |
| Class: | Design Error |
| CVE: |
CVE-2008-3318 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 13 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | S.W.A.T. |
| Vulnerable: |
Maian Script World Maian Weblog 4.0 |
| Not Vulnerable: | |
Discussion
Maian Weblog 'weblog_cookie' Authentication Bypass Vulnerability
Maian Weblog is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application.
This issue affects Maian Weblog 4.0 and prior versions.
Maian Weblog is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application.
This issue affects Maian Weblog 4.0 and prior versions.
Exploit / POC
Maian Weblog 'weblog_cookie' Authentication Bypass Vulnerability
Attackers can exploit this issue via a browser.
The following example JavaScript code to create a cookie is available:
javascript:document.cookie = "weblog_cookie=1; path=/";
Attackers can exploit this issue via a browser.
The following example JavaScript code to create a cookie is available:
javascript:document.cookie = "weblog_cookie=1; path=/";
Solution / Fix
Maian Weblog 'weblog_cookie' Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Maian Weblog 'weblog_cookie' Authentication Bypass Vulnerability
References:
References:
- Maian Weblog Homepage (Maian Script World)