Audins Audiens 3.3 - 'unistall.php' Authentication Bypass

EDB-ID: 29676
Author: r00t
Type: webapps
Platform: PHP
Date: 2007-02-26



Audins Audiens is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, retrieve and overwrite sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Audins Audiens version 3.3 is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/unistall.php?cnf=disinstalla&status=on
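
For defenders checking whether an installation has received this request, the following added example (not part of the original advisory) scans web server access logs for the URL pattern shown above. It assumes Apache/nginx combined log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client IP, request target and response status from a combined-format
# access log line (the log format is an assumption, not from the advisory).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def flag_uninstall_requests(lines):
    """Return (ip, status, target) for requests matching the advisory's URL."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        # Any install path prefix is accepted; the script name is compared
        # case-insensitively to cover case-insensitive filesystems.
        if parts.path.rsplit("/", 1)[-1].lower() != "unistall.php":
            continue
        # parse_qsl percent-decodes, so cnf=%64isinstalla is caught, and
        # parameter order does not matter. Values are case-folded as a
        # conservative choice for detection.
        pairs = {(k, v.lower()) for k, v in parse_qsl(parts.query)}
        if ("cnf", "disinstalla") in pairs and ("status", "on") in pairs:
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Feb/2007:10:01:02 +0000] "GET /audiens/unistall.php?cnf=disinstalla&status=on HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [26/Feb/2007:10:01:09 +0000] "GET /audiens/unistall.php?status=on&cnf=%64isinstalla HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [26/Feb/2007:10:02:00 +0000] "GET /audiens/index.php?cnf=disinstalla&status=on HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.4 - - [26/Feb/2007:10:02:05 +0000] "GET /audiens/unistall.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, status, target in flag_uninstall_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

Any hit that came from an unauthenticated client is worth reviewing alongside the response status and the state of the installation at that time.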