CVE-2009-2003

Ascad Networks Password Protector SD <1.3.1 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-2003. PoCs published by G4N0K, Mr.tro0oqy.

AI-analyzed exploit summary This exploit demonstrates insecure cookie handling in multiple Ascad Networks products, allowing an attacker to bypass authentication by setting specific cookie values via JavaScript. The PoC provides direct cookie manipulation steps for each vulnerable product.

Description

Ascad Networks Password Protector SD 1.3.1 allows remote attackers to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."

Exploits (2)

exploitdb WORKING POC VERIFIED
by G4N0K · textwebappsphp
https://www.exploit-db.com/exploits/8675

This exploit demonstrates insecure cookie handling in multiple Ascad Networks products, allowing an attacker to bypass authentication by setting specific cookie values via JavaScript. The PoC provides direct cookie manipulation steps for each vulnerable product.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Ascad Networks (c7 Portal <= v1.1.0, Password Protector SD v2, Form Processor Gold, Guestbook Creator v1.5, Mini Forum v1.0.1)
No auth needed
Prerequisites: Access to the target application's login page · Ability to execute JavaScript in the victim's browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Mr.tro0oqy · textwebappsphp
https://www.exploit-db.com/exploits/8668

This exploit demonstrates an insecure cookie handling vulnerability in Password Protector SD v1.3.1, allowing an attacker to bypass authentication by setting specific cookie values via JavaScript.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Password Protector SD v1.3.1
No auth needed
Prerequisites: Access to the target application's login page · Ability to execute JavaScript in the victim's browser
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8668
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34930

Scores

EPSS 0.0251
EPSS Percentile 82.7%

Details

CWE
CWE-287
Status published
Products (1)
ascadnetworks/password_protector_sd 1.3.1
Published Jun 08, 2009
Tracked Since Feb 18, 2026