CVE-2008-7024

Arz Development The Gemini Portal <= 4.7 - Unauthenticated Authentication Bypass via Cookie Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7024. PoCs published by Pepelux.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in The Gemini Portal <= 4.7, allowing an attacker to bypass authentication by setting a cookie and accessing admin functionality via URL parameter manipulation.

Description

admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pepelux · textwebappsphp

https://www.exploit-db.com/exploits/6584

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in The Gemini Portal <= 4.7, allowing an attacker to bypass authentication by setting a cookie and accessing admin functionality via URL parameter manipulation.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: The Gemini Portal <= 4.7

No auth needed

Prerequisites: Access to the target application · Ability to modify cookies

MITRE ATT&CK