BID:39963

EmiratesHost Insecure Cookie Authentication Bypass Vulnerability

Info

EmiratesHost Insecure Cookie Authentication Bypass Vulnerability

Bugtraq ID:	39963
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 01 2010 12:00AM
Updated:	Feb 01 2010 12:00AM
Credit:	jago-dz
Vulnerable:	EmiratesHost EmiratesHost 1

Not Vulnerable:

Discussion

EmiratesHost Insecure Cookie Authentication Bypass Vulnerability

EmiratesHost is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application, which may aid in further attacks.

Exploit / POC

EmiratesHost Insecure Cookie Authentication Bypass Vulnerability

Attackers can exploit these issues via a browser.

The following example data is available:

www.example.com/admin
javascript:document.cookie="login=right;path=/";

Solution / Fix

EmiratesHost Insecure Cookie Authentication Bypass Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

References

EmiratesHost Insecure Cookie Authentication Bypass Vulnerability

References:

EmiratesHost Download Link (EmirateHost)