CVE-2008-6939

TurnkeyForms Web Hosting Directory - Unauthenticated Authentication Bypass via Cookie Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6939. PoCs published by G4N0K.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in Turnkeyforms Web Hosting Directory, including insecure cookie handling, arbitrary database backup, and SQL injection authentication bypass. It provides code snippets and exploitation steps but does not include functional exploit code.

Description

TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.

Exploits (1)

exploitdb WRITEUP VERIFIED

by G4N0K · textwebappsphp

https://www.exploit-db.com/exploits/7107

View Code ZIP pw:eip

This is a technical writeup detailing multiple vulnerabilities in Turnkeyforms Web Hosting Directory, including insecure cookie handling, arbitrary database backup, and SQL injection authentication bypass. It provides code snippets and exploitation steps but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Auth Bypass | Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Turnkeyforms Web Hosting Directory

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK