AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability

2008-05-14T00:00:00
ID 1337DAY-ID-3015
Type zdt
Reporter t0pP8uZz
Modified 2008-05-14T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================================
AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability
==========================================================




--==+================================================================================+==--
--==+          AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability	     +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 14 MAY 2008
Script Download: N/A
DORK: N/A



Vendor Has Not Been Notified!



DESCRIPTION: 

AS-GasTracker 1.0.0 suffers from Insecure Cookie Handling, when a admin cookie is created its set to "TRUE"
if user is admin and "FALSE" if it isnt. so all we need to do is create a cookie that resembles the one
AS-GasTracker uses. the cookie name being "gastracker_admin".

the javascript code below will create a cookie on the domain its ran on, so simply type the javascript below
into Firefox/Netscape, then visit /admin/



Vulnerability:

javascript:document.cookie = "gastracker_admin=TRUE; path=/";



NOTE/TIP: 

after running the javascript code in your browser on the vulnerable domain, browse to /admin/ and you will have
access.



#  0day.today [2018-01-04]  #