CVE-2007-4419

Olate Download (od) 3.4.1 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4419. PoCs published by imei.

AI-analyzed exploit summary: This exploit leverages an authentication bypass vulnerability in Olate Download by providing a crafted cookie value. The cookie bypasses authentication and grants administrative access to the application.

Description

Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.

Exploits (1)

exploitdb WORKING POC VERIFIED
by imei · text · webapps · php
https://www.exploit-db.com/exploits/30504

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Olate Download versions prior to 3.4.2
No auth needed
Prerequisites: Access to the target application's cookie mechanism
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26533
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36088
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25343
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477223/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/476760/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3028
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/39714

Scores

EPSS 0.0483
EPSS Percentile 90.9%

Details

CWE: CWE-287
Status: published
Products (1): olate/olatedownload 3.4.1
Published: Aug 18, 2007
Tracked Since: Feb 18, 2026