EXPLOITS

SiteCubed MailWorks Professional - Authentication Bypass

Author: Paul Craig
type: webapps
platform: php
port: 
date_added: 2004-09-02  
date_updated: 2013-03-04  
verified: 1  
codes: CVE-2004-1661;OSVDB-9559  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 24565.txt  

source: https://www.securityfocus.com/bid/11095/info

MailWorks Professional is reported prone to an authentication bypass vulnerability.

The application uses cookies to store variables that determine the status of the authentication process. An attacker browsing the web application using specially crafted cookie data is able to bypass the authentication process to access the site as an administrative user.

This vulnerability allows a remote attacker to gain administrative access to the affected application.

Cookie: auth=1; uId=1