Open Source and information security mailing list archives
 
Message-ID: <alpine.LNX.2.00.1104052016590.3407@forced.attrition.org>
Date: Tue, 5 Apr 2011 20:17:38 -0500 (CDT)
From: security curmudgeon <jericho@...rition.org>
To: bt@...ln.com
Cc: bugtraq@...urityfocus.com
Subject: Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL


: New eVuln Advisory:
: Cookie Auth Bypass in Hot Links SQL
: http://evuln.com/vulns/140/summary.html 

Already discovered and disclosed:

http://www.exploit-db.com/exploits/8684/

Published: 2009-05-14


: -----------------------[ Summary ]-------------------------
: eVuln ID: EV0140
: Software: Hot Links SQL 3
: Vendor: Mrcgiguy
: Version: 3.2.0
: Critical Level: high
: Type: Authentication Bypass
: Status: Unpatched. No reply from developer(s)
: PoC: Available
: Solution: Not available
: Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
: -----------------------[ Description ]----------------------
: Cookie Auth Bypass vulnerability found in Hot Links SQL 3. 
: It is possible to get access to admin panel without password comparison.
: --------PoC/Exploit--------
: PoC code is available at http://evuln.com/vulns/140/exploit.html 
: -----------------------[ Solution ]-------------------------
: Not available
: -----------------------[ Credit ]---------------------------
: Vulnerability discovered by Aliaksandr Hartsuyeu
: http://evuln.com/tools.html - Web Security Tools
: 
