CVE-2008-4600

PokerMax Poker League Tournament Script 0.13 - Unauthenticated Authentication Bypass via ValidUserAdmin Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4600. PoCs published by DaRkLiFe.

AI-analyzed exploit summary This exploit leverages insecure cookie handling in PokerMax Poker League to bypass authentication by setting the 'ValidUserAdmin' cookie to 'admin'. It allows an attacker to gain administrative access without credentials.

Description

configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DaRkLiFe · textwebappsphp

https://www.exploit-db.com/exploits/6766

View Code ZIP pw:eip

This exploit leverages insecure cookie handling in PokerMax Poker League to bypass authentication by setting the 'ValidUserAdmin' cookie to 'admin'. It allows an attacker to gain administrative access without credentials.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PokerMax Poker League (version not specified)

No auth needed

Prerequisites: Access to the target site's login page · Knowledge of the administrator username (default: 'admin')

MITRE ATT&CK