Cookie Auth Bypass in Hot Links SQL
- Cookie Auth Bypass in Hot Links SQL
- Last Update
- n/a n/a
- Risk Level
- Authentication Bypass
- Unpatched. Vendor notified. No reply from developer(s)
- Mrcgiguy (http://www.mrcgiguy.com/)
- Vulnerable Software
- Hot Links SQL 3
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Authentication Bypass found in Hot Links SQL 3 script.
- Auth Bypass
- cookie Auth Bypass vulnerability found in Hot Links SQL 3. It is possible to get access to admin panel without password comparison.
- Auth Bypass Exploit
- There is no password comparison during authentication process. Actually script checks only admin cookie. If it's value is logged in user is authenticated as Admin.
Cookie: admin=logged in
Solution for "Cookie Auth Bypass in Hot Links SQL" is not available. Check Mrcgiguy website for updates.
Order Source Code Review
Protect against attacks by source code review of your site done by eVuln team.The work will be done by experts in web security.