CVE-2002-0539

Demarc PureSecure 1.05 - SQL Injection via s_key Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0539. PoCs published by pokleyzz sakamaniaka.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Demarc PureSecure by manipulating the 's_key' cookie to bypass authentication. The crafted curl command injects SQL to match any session ID, potentially granting administrative access.

Description

Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by pokleyzz sakamaniaka · textremotemultiple

https://www.exploit-db.com/exploits/21384

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Demarc PureSecure by manipulating the 's_key' cookie to bypass authentication. The crafted curl command injects SQL to match any session ID, potentially granting administrative access.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Demarc PureSecure (versions unspecified)

No auth needed

Prerequisites: Network access to the target Demarc PureSecure instance · Demarc PureSecure running a vulnerable version

MITRE ATT&CK