CVE-2008-6269
Joovili 3.1.4 - Unauthenticated Authentication Bypass via Cookie Manipulation
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6269. PoCs published by ZoRLu.
AI-analyzed exploit summary
This exploit demonstrates insecure cookie handling in Joovili Script 3.1.4, allowing an attacker to bypass authentication by manually setting session cookies via JavaScript. The PoC provides specific cookie values for different user roles (admin, user, staff).
Description
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.
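The flaw class described above, shown next to a server-side session check. This is an added example, not Joovili's code or the published PoC: the cookie names come from the description, while `naive_roles`, `create_session`, `session_role`, the `sid` cookie, the TTL and all cookie values are assumptions made for illustration.

```python
import secrets
import time

# Cookie names from the CVE description, grouped by the role they grant.
ROLE_COOKIES = {
    "user": ("session_id", "session_logged_in", "session_username"),
    "admin": ("session_admin_id", "session_admin_username", "session_admin"),
    "staff": ("session_staff_id", "session_staff_username", "session_staff"),
}


def naive_roles(cookies):
    """Flawed pattern: a role is granted when its cookies are merely present."""
    return {role for role, names in ROLE_COOKIES.items()
            if all(cookies.get(name) for name in names)}


SESSION_TTL = 1800  # seconds; assumed value
_sessions = {}      # token -> (username, role, expires_at), held server-side only


def create_session(username, role, now=None):
    """Call only after credentials were verified; returns the opaque cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, carries no identity or role
    _sessions[token] = (username, role, now + SESSION_TTL)
    return token


def session_role(cookies, now=None):
    """Return the role the server bound to the 'sid' cookie, or None."""
    now = time.time() if now is None else now
    token = cookies.get("sid", "")
    entry = _sessions.get(token)
    if entry is None:
        return None                    # unknown token: nothing the client sends helps
    _username, role, expires_at = entry
    if now >= expires_at:
        _sessions.pop(token, None)     # expired sessions are dropped, not trusted
        return None
    return role


# Constructed request cookies; placeholder values, not those from the PoC.
FORGED = {"session_admin_id": "1", "session_admin_username": "x", "session_admin": "1"}

if __name__ == "__main__":
    print(naive_roles(FORGED))         # presence-based check grants admin
    print(session_role(FORGED))        # server-side lookup grants nothing
```

With the server-side lookup, identity and role never travel in the cookie, so extra client-supplied cookies cannot change the role of an existing session either.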
Exploits (1)
This exploit demonstrates insecure cookie handling in Joovili Script 3.1.4, allowing an attacker to bypass authentication by manually setting session cookies via JavaScript. The PoC provides specific cookie values for different user roles (admin, user, staff).