Hot Links SQL 3.2.0 Administrative Bypass

Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2010-11-20T00:00:00


                                            `New eVuln Advisory:  
Cookie Auth Bypass in Hot Links SQL   
-----------------------[ Summary ]-------------------------  
eVuln ID: EV0140  
Software: Hot Links SQL 3  
Vendor: Mrcgiguy  
Version: 3.2.0  
Critical Level: high  
Type: Authentication Bypass  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( )  
-----------------------[ Description ]----------------------  
Cookie Auth Bypass vulnerability found in Hot Links SQL 3.   
It is possible to get access to admin panel without password comparison.  
Auth Bypass Exploit  
There is no password comparison during authentication process. Actually script checks only admin cookie. If it's value is logged in user is authenticated as Admin.  
Cookie: admin=logged in  
-----------------------[ Solution ]-------------------------  
Not available  
-----------------------[ Credit ]---------------------------  
Vulnerability discovered by Aliaksandr Hartsuyeu - Web Security Tools