Search...

UAG-CMS Session Fixation

2014-03-20T00:00:00

ID PACKETSTORM:125794
Type packetstorm
Reporter Hossein Hezami
Modified 2014-03-20T00:00:00

Description

                                        
                                            `#######################################################################  
#  
# Exploit Title: UAG-CMS Session Fixation Script  
# Date: 2014 18 March  
# Author: Dr.3v1l  
# Vendor Homepage: http://julienetnel.github.io/inu/  
# Tested on: Windows  
# Category: webapps  
# Google Dork: intext:"UAG CMS"  
#  
#######################################################################  
#  
# [+] Exploit :  
#  
# http://&lt;server&gt;/UAG-CMS/admin/identification.php  
#  
# Discovered by: Scripting (Session_Fixation.script).  
#   
# Attack details :  
# Session cookie PHPSESSID was fixed to acunetixsessionfixation.  
#   
# Vulnerability description :  
#  
# Session Fixation is an attack that permits an attacker to hijack a valid user session.  
# The attack explores a limitation in the way the web application manages the session ID,  
# more specifically the vulnerable web application. When authenticating a user,  
# it doesn't assign a new session ID, making it possible to use an existent session ID.  
# The attack consists of inducing a user to authenticate himself with a known session ID,  
# and then hijacking the user-validated session by the knowledge of the used session ID.  
# The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it.  
#  
#######################################################################  
#  
# [+] Contact Me :  
#  
# B.Devils.B@gmail.com  
# Twitter.com/Doctor_3v1l  
# Facebook.com/bdb.0web  
# Facebook.com/groups/1427166220843499/  
# IR.linkedin.com/in/hossein3v1l  
# Hossein Hezami - Black_Devils B0ys  
#  
#######################################################################  
# B.Devils.B Friends , R.H.H (UnderGround) , IeDB.IR , IrSecTeam  
#######################################################################  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:125794", "type": "packetstorm", "bulletinFamily": "exploit", "title": "UAG-CMS Session Fixation", "description": "", "published": "2014-03-20T00:00:00", "modified": "2014-03-20T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/125794/UAG-CMS-Session-Fixation.html", "reporter": "Hossein Hezami", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:21:06", "viewCount": 4, "enchantments": {"score": {"value": -0.6, "vector": "NONE", "modified": "2016-11-03T10:21:06", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:21:06", "rev": 2}, "vulnersScore": -0.6}, "sourceHref": "https://packetstormsecurity.com/files/download/125794/uagcms-fixation.txt", "sourceData": "`####################################################################### \n# \n# Exploit Title: UAG-CMS Session Fixation Script \n# Date: 2014 18 March \n# Author: Dr.3v1l \n# Vendor Homepage: http://julienetnel.github.io/inu/ \n# Tested on: Windows \n# Category: webapps \n# Google Dork: intext:\"UAG CMS\" \n# \n####################################################################### \n# \n# [+] Exploit : \n# \n# http://<server>/UAG-CMS/admin/identification.php \n# \n# Discovered by: Scripting (Session_Fixation.script). \n# \n# Attack details : \n# Session cookie PHPSESSID was fixed to acunetixsessionfixation. \n# \n# Vulnerability description : \n# \n# Session Fixation is an attack that permits an attacker to hijack a valid user session. \n# The attack explores a limitation in the way the web application manages the session ID, \n# more specifically the vulnerable web application. When authenticating a user, \n# it doesn't assign a new session ID, making it possible to use an existent session ID. \n# The attack consists of inducing a user to authenticate himself with a known session ID, \n# and then hijacking the user-validated session by the knowledge of the used session ID. \n# The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it. \n# \n####################################################################### \n# \n# [+] Contact Me : \n# \n# B.Devils.B@gmail.com \n# Twitter.com/Doctor_3v1l \n# Facebook.com/bdb.0web \n# Facebook.com/groups/1427166220843499/ \n# IR.linkedin.com/in/hossein3v1l \n# Hossein Hezami - Black_Devils B0ys \n# \n####################################################################### \n# B.Devils.B Friends , R.H.H (UnderGround) , IeDB.IR , IrSecTeam \n####################################################################### \n`\n"}