CVE-2009-1283

glFusion < 1.1.3 - Unauthenticated Privilege Escalation via Password Hash Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1283. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This exploit targets a blind SQL injection vulnerability in glFusion <= 1.1.2 via the COM_applyFilter() function in session handling. It uses time-based techniques to extract admin hashes from the database.

Description

glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · phpwebappsphp

https://www.exploit-db.com/exploits/8347

View Code ZIP pw:eip

This exploit targets a blind SQL injection vulnerability in glFusion <= 1.1.2 via the COM_applyFilter() function in session handling. It uses time-based techniques to extract admin hashes from the database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: glFusion <= 1.1.2

Auth required

Prerequisites: Valid user credentials · MySQL >= 5.0.12 with SLEEP() function

MITRE ATT&CK