- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34343
- Проверка EDB
-
- Пройдено
- Автор
- CP77FK4R
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- N/A
- Дата публикации
- 2007-12-17
MOJO IWms 7 - 'default.asp' Cookie Manipulation
Код:
source: https://www.securityfocus.com/bid/41746/info
MOJO IWMS is prone to a cookie-manipulation vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this vulnerability could allow an attacker to masquerade as another user. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
MOJO IWMS 7 is vulnerable; other versions may also be affected.
The following example URI is available:
http://www.example.com/upload/default.asp?mode=wrong&ERRMSG=%3Cmeta+http-equiv='Set-cookie'+content='[Cookie-Name]=[Cookie-Value]'%3E- Источник
- www.exploit-db.com
