CVE-2009-1854

Million Dollar Text Links 1.0 - Unauthenticated Authentication Bypass via userid Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1854. PoCs published by HxH.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in Million Dollar Text Links 1.0, allowing an attacker to bypass authentication by setting a 'userid' cookie via JavaScript.

Description

Million Dollar Text Links 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the userid cookie to 1.

Exploits (1)

exploitdb WORKING POC VERIFIED

by HxH · textwebappsphp

https://www.exploit-db.com/exploits/8813

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in Million Dollar Text Links 1.0, allowing an attacker to bypass authentication by setting a 'userid' cookie via JavaScript.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Million Dollar Text Links 1.0

No auth needed

Prerequisites: Access to a victim's browser session to execute JavaScript

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8813

Scores

EPSS 0.0243

EPSS Percentile 82.1%

Details

CWE

CWE-287

Status published

Products (1)

cmsnx/million_dollar_text_links 1.0

Published Jun 01, 2009

Tracked Since Feb 18, 2026