Internet PhotoShow (Special Edition) - Insecure Cookie Handling

EDB-ID:

5617

Author:

t0pP8uZz

Type:

webapps

Platform:

PHP

Published:

2008-05-14

--==+================================================================================+==--
--==+	       Internet Photoshow (Special Edition) Insecure Cookie Handling         +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 14 MAY 2008
Script Download: http://www.thomas-voecking.de/downloads/ps_se_fire.zip
DORK: "Internet Photoshow - Slideshow"



Vendor Has Not Been Notified!



DESCRIPTION: 

Internet Photoshow SE, suffers from insecure cookie handling, This allows the remote attacker to gain
arbitrary access to the admin area by crafting a admin cookie.

the following javascript code will craft a admin cookie, and make it available to access /admin.php



Exploit:

javascript:document.cookie = "login_admin=true; path=/";



NOTE/TIP: 

visit the affected domain and paste the above javascript into your browser, once excuted visit the
affected sites "/admin.php" and you will have access to admin.

its also possible to shell the site by uploading your shell through the file upload.



GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



peace, t0pP8uZz



--==+================================================================================+==--
--==+	       Internet Photoshow (Special Edition) Insecure Cookie Handling         +==--
--==+================================================================================+==--

# milw0rm.com [2008-05-14]