CVE-2006-0153

427BB 2.2 and 2.2.1 - Authentication Bypass via Cookie Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0153. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in 427BB versions 2.2 and 2.2.1 by manipulating cookie data to gain administrative access. The PoC provides specific cookie values to exploit the improper validation of user-supplied data.

Description

427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27054

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in 427BB versions 2.2 and 2.2.1 by manipulating cookie data to gain administrative access. The PoC provides specific cookie values to exploit the improper validation of user-supplied data.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: 427BB 2.2, 2.2.1

No auth needed

Prerequisites: Access to the target application's cookie manipulation

MITRE ATT&CK