CVE-2009-0108

PHPAuctions - Unauthenticated Authentication Bypass via Cookie Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0108. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates insecure cookie handling in PHPAuctionSystem, allowing an attacker to manipulate user session data via JavaScript. It sets arbitrary cookie values to impersonate a user, bypassing authentication.

Description

PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/7674

View Code ZIP pw:eip

This exploit demonstrates insecure cookie handling in PHPAuctionSystem, allowing an attacker to manipulate user session data via JavaScript. It sets arbitrary cookie values to impersonate a user, bypassing authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PHPAuctionSystem (version unspecified)

No auth needed

Prerequisites: Victim must execute the JavaScript code (e.g., via XSS or social engineering)

MITRE ATT&CK