CVE-2008-6294

Acc Statistics 1.1 - Unauthenticated Authentication Bypass via username_cookie

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-6294. PoCs published by Hakxer, x0r.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in AccStatistics v1.1, allowing an attacker to set the 'username_cookie' to 'admin' via JavaScript, bypassing authentication.

Description

admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin."

Exploits (3)

exploitdb WORKING POC VERIFIED

by Hakxer · textwebappsphp

https://www.exploit-db.com/exploits/6965

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in AccStatistics v1.1, allowing an attacker to set the 'username_cookie' to 'admin' via JavaScript, bypassing authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: AccStatistics v1.1

No auth needed

Prerequisites: Access to the target's admin login page · Ability to execute JavaScript in the victim's browser

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Hakxer · textwebappsphp

https://www.exploit-db.com/exploits/6964

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in Acc Real Estate v4.0, allowing an attacker to bypass authentication by setting the 'username_cookie' to 'admin' via JavaScript. The PoC is functional and directly exploits the vulnerability by manipulating the cookie value.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Acc Real Estate v4.0

No auth needed

Prerequisites: Access to the target application's admin login page

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by x0r · textwebappsphp

https://www.exploit-db.com/exploits/6968

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in Acc Autos v4.0, allowing an attacker to bypass authentication by setting specific cookie values via JavaScript. The exploit is trivial and reliable, requiring no prior authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Acc Autos v4.0

No auth needed

Prerequisites: Access to the target application's login page

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6965

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46292

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32078

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32517

Scores

EPSS 0.0274

EPSS Percentile 84.2%

Details

CWE

CWE-264

Status published

Products (1)

accscripts/acc_statistics 1.1

Published Feb 26, 2009

Tracked Since Feb 18, 2026