57 lines
No EOL
1.6 KiB
Text
57 lines
No EOL
1.6 KiB
Text
--==+================================================================================+==--
|
|
--==+ Multi-Page Comment System 1.1.0 Insecure Cookie Handling +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
Discovered By: t0pP8uZz
|
|
Discovered On: 15 MAY
|
|
Script Download: http://tpvgames.co.uk/web/mpcs/
|
|
DORK: "(Multi-Page Comment System)"
|
|
|
|
|
|
|
|
Vendor Has Not Been Notified!
|
|
|
|
|
|
|
|
|
|
DESCRIPTION:
|
|
|
|
Multi-Page Comment System, suffers from insecure cookie handling, when a admin login is successfull the script creates
|
|
a cookie to show the rest of the admin area the user is already logged in. the bad thing is the cookie doesnt
|
|
contain any password or anything alike, therefor we can craft a admin cookie and make it look like we are
|
|
logged in as a legit admin.
|
|
|
|
the below javascript code will create a cookie, after pasting the code into your browser and running
|
|
on the affected domain, you can simply visit "/admin.php" and your admin.
|
|
|
|
|
|
|
|
Exploit:
|
|
|
|
javascript:document.cookie = "CommentSystemAdmin=1; path=/";
|
|
|
|
|
|
|
|
NOTE/TIP:
|
|
|
|
after pasting the above javascript code into your browser you can visit "/admin.php" to see your a admin.
|
|
|
|
(this just shows how many bad programmers are out there.)
|
|
|
|
|
|
|
|
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !
|
|
|
|
|
|
|
|
peace, t0pP8uZz
|
|
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ Multi-Page Comment System 1.1.0 Insecure Cookie Handling +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2008-05-15] |