UAG-CMS Session Fixation

2014-03-20T00:00:00
ID PACKETSTORM:125794
Type packetstorm
Reporter Hossein Hezami
Modified 2014-03-20T00:00:00

Description

                                        
`#######################################################################  
#  
# Exploit Title: UAG-CMS Session Fixation Script  
# Date: 2014 18 March  
# Author: Dr.3v1l  
# Vendor Homepage: http://julienetnel.github.io/inu/  
# Tested on: Windows  
# Category: webapps  
# Google Dork: intext:"UAG CMS"  
#  
#######################################################################  
#  
# [+] Exploit :  
#  
# http://<server>/UAG-CMS/admin/identification.php  
#  
# Discovered by: Scripting (Session_Fixation.script).  
#   
# Attack details :  
# Session cookie PHPSESSID was fixed to acunetixsessionfixation.  
#   
# Vulnerability description :  
#  
# Session fixation is an attack that lets an attacker hijack a valid user session.  
# It exploits a limitation in the way the vulnerable web application manages the session ID:  
# when authenticating a user, the application does not assign a new session ID,  
# so an existing session ID remains usable after login.  
# The attacker induces a user to authenticate with a session ID the attacker knows,  
# and then hijacks the user-validated session using that known session ID.  
# To do so, the attacker has to obtain a legitimate web application session ID and make the victim's browser use it.  
#  
#######################################################################  
#  
# [+] Contact Me :  
#  
# B.Devils.B@gmail.com  
# Twitter.com/Doctor_3v1l  
# Facebook.com/bdb.0web  
# Facebook.com/groups/1427166220843499/  
# IR.linkedin.com/in/hossein3v1l  
# Hossein Hezami - Black_Devils B0ys  
#  
#######################################################################  
# B.Devils.B Friends , R.H.H (UnderGround) , IeDB.IR , IrSecTeam  
#######################################################################  
`
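The missing step the description points to, issuing a new session ID when a user authenticates, sketched in PHP as an added example; it is not UAG-CMS code and not part of the original advisory. The function names, the `$users` table, the sample password and the cookie settings are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: hypothetical login handler, not taken from UAG-CMS.
declare(strict_types=1);

// Refuse session IDs the server did not issue, and never accept them via URL.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // assumption: the site is served over HTTPS
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Hypothetical credential check: $users maps username => password_hash() output.
function credentials_ok(array $users, string $user, string $pass): bool
{
    $hash = $users[$user] ?? null;
    return $hash !== null && password_verify($pass, $hash);
}

function login(array $users, string $user, string $pass): bool
{
    if (!credentials_ok($users, $user, $pass)) {
        return false;
    }
    // The fix: issue a fresh ID at the privilege change and delete the old
    // session data, so an ID that was known before login stops being valid.
    session_regenerate_id(true);
    $_SESSION = ['user' => $user, 'auth_time' => time()];
    return true;
}

// Constructed sample user table for this example only.
$users = ['admin' => password_hash('correct horse battery', PASSWORD_DEFAULT)];

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $u = $_POST['user'] ?? '';
    $p = $_POST['pass'] ?? '';
    $ok = is_string($u) && is_string($p) && login($users, $u, $p);
    http_response_code($ok ? 200 : 401);
    echo $ok ? 'Logged in' : 'Invalid credentials';
}
```

With `session.use_strict_mode` enabled, PHP also discards a client-supplied `PHPSESSID` that does not match an existing server-side session, which covers the case of an arbitrary fixed value like the one in the attack details.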