: New eVuln Advisory:
: Cookie Auth Bypass in Hot Links SQL
: http://evuln.com/vulns/140/summary.html

Already discovered and disclosed:
http://www.exploit-db.com/exploits/8684/
Published: 2009-05-14

: -----------------------[ Summary ]-------------------------
: eVuln ID: EV0140
: Software: Hot Links SQL 3
: Vendor: Mrcgiguy
: Version: 3.2.0
: Critical Level: high
: Type: Authentication Bypass
: Status: Unpatched. No reply from developer(s)
: PoC: Available
: Solution: Not available
: Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
: -----------------------[ Description ]----------------------
: Cookie Auth Bypass vulnerability found in Hot Links SQL 3.
: It is possible to get access to admin panel without password comparison.
: --------PoC/Exploit--------
: PoC code is available at http://evuln.com/vulns/140/exploit.html
: -----------------------[ Solution ]-------------------------
: Not available
: -----------------------[ Credit ]---------------------------
: Vulnerability discovered by Aliaksandr Hartsuyeu
: http://evuln.com/tools.html - Web Security Tools
: