Vulnerabilities > CVE-2004-2443 - Unspecified vulnerability in Jaws 0.2/0.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN jaws
exploit available
Summary
Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
Exploit-Db
| description | JAWS 0.2/0.3 Cookie Manipulation Authentication Bypass. CVE-2004-2443. Webapps exploit for php platform |
| id | EDB-ID:24256 |
| last seen | 2016-02-02 |
| modified | 2004-07-06 |
| published | 2004-07-06 |
| reporter | Fernando Quintero |
| source | https://www.exploit-db.com/download/24256/ |
| title | JAWS 0.2/0.3 Cookie Manipulation Authentication Bypass |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html
- http://securitytracker.com/id?1010651
- http://securitytracker.com/id?1010651
- http://www.osvdb.org/7724
- http://www.osvdb.org/7724
- http://www.securityfocus.com/bid/10670
- http://www.securityfocus.com/bid/10670
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16622
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16622