CVE-2008-6292

Acc Autos 4.0 - Unauthenticated Authentication Bypass via Cookie Manipulation

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-6292. PoCs published by x0r.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in Acc Autos v4.0, allowing an attacker to bypass authentication by setting specific cookie values via JavaScript. The exploit is trivial and reliable, requiring no prior authentication.

Description

Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."

Exploits (3)

exploitdb WORKING POC VERIFIED

by x0r · textwebappsphp

https://www.exploit-db.com/exploits/6968

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in Acc Autos v4.0, allowing an attacker to bypass authentication by setting specific cookie values via JavaScript. The exploit is trivial and reliable, requiring no prior authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Acc Autos v4.0

No auth needed

Prerequisites: Access to the target application's login page

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/6965

View Code ZIP pw:eip

The exploit demonstrates an insecure cookie handling vulnerability in AccStatistics v1.1, allowing an attacker to set the 'username_cookie' to 'admin' via JavaScript, bypassing authentication. The PoC is functional and directly exploits the vulnerability by manipulating the cookie value.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: AccStatistics v1.1

No auth needed

Prerequisites: Access to the target application's admin panel URL

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 19, 2026 Full analysis →

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/6964

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in Acc Real Estate v4.0, allowing an attacker to bypass authentication by setting the 'username_cookie' to 'admin' via JavaScript. The PoC is functional and directly exploits the flaw by manipulating the cookie value.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Acc Real Estate v4.0

No auth needed

Prerequisites: Access to the target's admin login page · Ability to execute JavaScript in the victim's browser

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6968

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46287

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32517

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32083

Scores

EPSS 0.0274

EPSS Percentile 84.2%

Details

CWE

CWE-264

Status published

Products (1)

accscripts/acc_autos 4.0

Published Feb 26, 2009

Tracked Since Feb 18, 2026