CVE-2008-2682
Realm CMS 2.3 - Unauthenticated Authentication Bypass via Cookie Manipulation
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-2682. PoCs published by BugReport.IR.
AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities in Realm CMS 2.3 and prior, including broken authentication via cookie manipulation, SQL injection in the 'KeyWordsList' function, and XSS/DB path disclosure in '/cms/_db/compact.asp'. It provides specific exploit details and mitigation steps.
Description
_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.