Skip to content
This repository has been archived by the owner on Dec 18, 2022. It is now read-only.
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
cve-pocs/CVE-2022-26281/
cve-pocs/CVE-2022-26281/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

Vulnerability

BigAnt Server Version 5.6.06 suffers from Sensitive Cookie Without 'HttpOnly' Flag

Prerequisites

None

Exploit

Administrator PHP Session ID does not have HttpOnly or Secure checked

Timeline

12-01-2021: Submitted vulnerabilities to vendor via email
12-01-2021: Vendor responded asking for more details
12-02-2021: Responded to vendor with additional details
12-02-2021: Vendor responded stating looking into vulnerabilities
12-29-2021: Emailed vendor, no response
01-11-2022: Emailed vendor, no response
01-12-2022: Requested CVEs
01-28-2022: CVEs assigned, no response from vendor
02-26-2022: Emailed vendor, no response
03-28-2022: PoC/CVE published

Reference

MITRE CVE-2022-26281
BigAnt Software

Disclaimer

Content is for educational and research purposes only. Author doesn’t hold any responsibility over the misuse of the software, exploits or security findings contained herein and does not condone them whatsoever.