bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/5615.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

54 lines
No EOL
1.4 KiB
Text
Raw Permalink Blame History

--==+================================================================================+==--
--==+ AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability +==--
--==+================================================================================+==--
Discovered By: t0pP8uZz
Discovered On: 14 MAY 2008
Script Download: N/A
DORK: N/A
Vendor Has Not Been Notified!
DESCRIPTION:
AS-GasTracker 1.0.0 suffers from Insecure Cookie Handling, when a admin cookie is created its set to "TRUE"
if user is admin and "FALSE" if it isnt. so all we need to do is create a cookie that resembles the one
AS-GasTracker uses. the cookie name being "gastracker_admin".
the javascript code below will create a cookie on the domain its ran on, so simply type the javascript below
into Firefox/Netscape, then visit /admin/
Vulnerability:
javascript:document.cookie = "gastracker_admin=TRUE; path=/";
NOTE/TIP:
after running the javascript code in your browser on the vulnerable domain, browse to /admin/ and you will have
access.
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !
peace, t0pP8uZz
--==+================================================================================+==--
--==+ AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability +==--
--==+================================================================================+==--
# milw0rm.com [2008-05-14]
Reference in a new issue View git blame Copy permalink