Maian Uploader 'uploader_cookie' Authentication Bypass Vulnerability
BID:30210
Info
Maian Uploader 'uploader_cookie' Authentication Bypass Vulnerability
| Bugtraq ID: | 30210 |
| Class: | Design Error |
| CVE: |
CVE-2008-3321 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 13 2008 12:00AM |
| Updated: | Apr 16 2015 05:58PM |
| Credit: | S.W.A.T. |
| Vulnerable: |
Maian Script World Maian Uploader 4.0 |
| Not Vulnerable: | |
Discussion
Maian Uploader 'uploader_cookie' Authentication Bypass Vulnerability
Maian Uploader is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application.
This issue affects Maian Uploader 4.0 and prior versions.
Maian Uploader is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application.
This issue affects Maian Uploader 4.0 and prior versions.
Exploit / POC
Maian Uploader 'uploader_cookie' Authentication Bypass Vulnerability
Attackers can exploit this issue via a browser.
The following example JavaScript code to create a cookie is available:
javascript:document.cookie = "uploader_cookie=1; path=/";
Attackers can exploit this issue via a browser.
The following example JavaScript code to create a cookie is available:
javascript:document.cookie = "uploader_cookie=1; path=/";
Solution / Fix
Maian Uploader 'uploader_cookie' Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Maian Uploader 'uploader_cookie' Authentication Bypass Vulnerability
References:
References:
- Maian Weblog Homepage (Maian Script World)