--==+================================================================================+==--
--==+ Web Slider <= 0.6 Insecure Cookie/Authentication Handling +==--
--==+================================================================================+==--

Discovered By: t0pP8uZz
Discovered On: 15 MAY 2008
Script Download: http://sourceforge.net/projects/webslider/
DORK: N/A

Vendor Has Not Been Notified!

DESCRIPTION:

Web Slider 1.6 (and prior) suffers from insecure cookie handling. When an admin logs in successfully, a
cookie is created so the admin doesn't have to log in on every page. The problem is that the coding is poor:
the script only checks whether the cookie exists, and the cookie doesn't contain a password or any other secret.

So all we need to do is create a cookie that makes us look like an admin; the JavaScript below does just that.

Exploit:

javascript:document.cookie = "admin=1; path=/";

NOTE/TIP:

After pasting the above JavaScript code into your browser on an affected domain, you will be able to go to
"/admin.php" and access it as if you were an admin.

This should bring to your attention how many web developers are very bad coders and leave massive,
easy-to-fix holes like this in their scripts.

Just remember, when downloading a file of any kind, to read through its source and make sure it's secure.

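The presence-only check described above, next to one hardened form, as an added example that is not Web Slider's code or the advisory author's. The function names, the `admin_token` cookie name and the HMAC-signed token format are assumptions for illustration; the advisory only states that the script tests whether the `admin` cookie exists.

```php
<?php
// Added example; all names below are hypothetical, not taken from Web Slider.

// Presence-only check as the advisory describes it: any request carrying a
// cookie named "admin" is treated as an administrator, whatever its value.
function is_admin_presence_only(array $cookies): bool
{
    return isset($cookies['admin']);
}

// Hardened form: after a successful password check the server issues
// "user|expiry|mac", where mac is an HMAC keyed with a server-only secret.
function issue_admin_token(string $user, int $expires, string $key): string
{
    $mac = hash_hmac('sha256', $user . '|' . $expires, $key);
    return $user . '|' . $expires . '|' . $mac;
}

// Accept the cookie only if the MAC verifies and the token has not expired.
function is_admin_verified(array $cookies, string $key, int $now): bool
{
    $parts = explode('|', $cookies['admin_token'] ?? '');
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return false;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, $key);
    // hash_equals() compares in constant time to avoid leaking MAC bytes.
    return hash_equals($expected, $mac) && (int) $expires > $now;
}

// Constructed sample input: stand-ins for $_COOKIE on three requests.
$key      = random_bytes(32);   // in production, load from server-side config
$now      = time();
$clientSet = ['admin' => '1'];
$genuine   = ['admin_token' => issue_admin_token('admin', $now + 900, $key)];
$tampered  = ['admin_token' => 'admin|' . ($now + 900) . '|' . str_repeat('0', 64)];
$expired   = ['admin_token' => issue_admin_token('admin', $now - 1, $key)];

printf("presence-only, client-set cookie: %s\n",
    is_admin_presence_only($clientSet) ? 'accepted' : 'rejected');
foreach (['client-set' => $clientSet, 'genuine' => $genuine,
          'tampered' => $tampered, 'expired' => $expired] as $label => $cookies) {
    printf("verified check, %s cookie: %s\n", $label,
        is_admin_verified($cookies, $key, $now) ? 'accepted' : 'rejected');
}
```

Keeping the login state in a server-side session (`$_SESSION`) set only after the password check is the other common fix; either way the cookie should be sent with the `HttpOnly` and `Secure` attributes.
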
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !

peace, t0pP8uZz

--==+================================================================================+==--
--==+ Web Slider <= 0.6 Insecure Cookie/Authentication Handling +==--
--==+================================================================================+==--

# milw0rm.com [2008-05-15]