https://www.exploit-db.com/exploits/24565
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200409-007

MailWorksProfessional是一款邮件列表管理应用程序。MailWorksProfessional在处理COOKIE认证实现中存在问题，远程攻击者可以利用这个漏洞绕过验证以管理员权限访问应用程序。攻击者可以更改COOKIE信息，把auth设置为1，而把uId设置为任何想要登录的用户，可以绕过MailWorksProfessional的验证访问应用程序。

source: http://www.securityfocus.com/bid/11095/info

MailWorks Professional is reported prone to an authentication bypass vulnerability.

The application uses cookies to store variables that determine the status of the authentication process. An attacker browsing the web application using specially crafted cookie data is able to bypass the authentication process to access the site as an administrative user.

This vulnerability allows a remote attacker to gain administrative access to the affected application.

Cookie: auth=1; uId=1

来源:XF
名称:mailworks-cookie-admin-access(17217)
链接:http://xforce.iss.net/xforce/xfdb/17217
来源:BID
名称:11095
链接:http://www.securityfocus.com/bid/11095
来源:SECUNIA
名称:12458
链接:http://secunia.com/advisories/12458
来源:BUGTRAQ
名称:20040902MailWorksProfessional-Authenticationbypass
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109416709710447&w;=2