Cookie authentication bypass in Alguest

Description

Authentication Bypass found in Alguest (http://sourceforge.net/projects/alguest/) script.

Cookie Authentication Bypass

Cookie-based authentication lack is present in admin.php, opzioni.php, elimina.php, modifica.php scripts. Administration functions are threatened

PoC/Exploit

Cookie Auth Bypass

There is no real password comparison for admin user. Administration scripts check only existence of admin cookie.

Cookie: admin=anyvalue

Solution.

Solution for "Cookie authentication bypass in Alguest" is not available. Check vendor's website for updates.

Company

• PC Evuln.com / II Evuln.com
• Email:
• skype: evuln.com
• Phone: +37068935936

Services

• Hack Repair
• Hack Insurance
• External Monitoring
• Pricing
• Partner Program

eVuln Labs

• Scanner Statistics
• eVuln Advisories
• Fixing Guide

eVuln Tools

• Malware Scanner
• PHP Code Scanner
• HTTP Packet Generator
• XSS String Encoder
• SQL String Encoder