Scripteen Free Image Hosting Script 'cookid' Authentication Bypass Vulnerability

Bugtraq ID:	30217
Class:	Design Error
CVE:	CVE-2008-3211
Remote:	Yes
Local:	No
Published:	Jul 13 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	RMx
Vulnerable:	Scripteen Scripteen Free Image Hosting Script 1.2.1
Not Vulnerable:

Scripteen Free Image Hosting Script 'cookid' Authentication Bypass Vulnerability

Scripteen Free Image Hosting Script is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application.

This issue affects Scripteen Free Image Hosting Script 1.2.1; other versions may also be affected.

Scripteen Free Image Hosting Script 'cookid' Authentication Bypass Vulnerability

Attackers can exploit this issue using a browser.

The following example script code is available:

• /data/vulnerabilities/exploits/30217.php

Scripteen Free Image Hosting Script 'cookid' Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Scripteen Free Image Hosting Script 'cookid' Authentication Bypass Vulnerability

References:

• Scripteen Free Image Hosting Script Homepage (Scripteen )