Hot Links SQL 3.2.0 Administrative Bypass

2010-11-20T00:00:00
ID PACKETSTORM:96007
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2010-11-20T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
Cookie Auth Bypass in Hot Links SQL  
http://evuln.com/vulns/140/summary.html   
  
-----------------------[ Summary ]-------------------------  
eVuln ID: EV0140  
Software: Hot Links SQL 3  
Vendor: Mrcgiguy  
Version: 3.2.0  
Critical Level: high  
Type: Authentication Bypass  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
-----------------------[ Description ]----------------------  
Cookie Auth Bypass vulnerability found in Hot Links SQL 3.   
It is possible to get access to admin panel without password comparison.  
--------PoC/Exploit--------  
  
Auth Bypass Exploit  
  
There is no password comparison during authentication process. Actually script checks only admin cookie. If it's value is logged in user is authenticated as Admin.  
  
Cookie: admin=logged in  
  
-----------------------[ Solution ]-------------------------  
Not available  
-----------------------[ Credit ]---------------------------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/tools.html - Web Security Tools  
`