CVE-2008-5125

CCleague Pro 1.2 - Unauthenticated Authentication Bypass via Type Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5125. PoCs published by t0pP8uZz.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie authentication vulnerability in CCLeague Pro <= 1.2. By manipulating cookies via JavaScript, an attacker can bypass authentication and gain admin access. The exploit also highlights a secondary SQL injection vulnerability if magic quotes are disabled.

Description

admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.

Exploits (1)

exploitdb WORKING POC VERIFIED

by t0pP8uZz · textwebappsphp

https://www.exploit-db.com/exploits/5888

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie authentication vulnerability in CCLeague Pro <= 1.2. By manipulating cookies via JavaScript, an attacker can bypass authentication and gain admin access. The exploit also highlights a secondary SQL injection vulnerability if magic quotes are disabled.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: CCLeague Pro <= 1.2

No auth needed

Prerequisites: Access to a vulnerable CCLeague Pro installation · Knowledge of an admin email address

MITRE ATT&CK