Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Cookie Manipulation Vulnerability in MOJO IWMS - exploit.company
header-logo
Suggest Exploit
vendor:
MOJO IWMS
by:
7.5
CVSS
HIGH
Cookie Manipulation
613
CWE
Product Name: MOJO IWMS
Affected Version From: MOJO IWMS 7
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:mojo_iwms:mojo_iwms:7
Metasploit:
Other Scripts:
Platforms Tested:

Cookie Manipulation Vulnerability in MOJO IWMS

The MOJO IWMS application fails to properly sanitize user-supplied data, which can be exploited by an attacker to manipulate cookies and masquerade as another user. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied data before using it in cookie values. Additionally, implement secure cookie handling practices, such as using HttpOnly and Secure flags.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41746/info

MOJO IWMS is prone to a cookie-manipulation vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this vulnerability could allow an attacker to masquerade as another user. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

MOJO IWMS 7 is vulnerable; other versions may also be affected. 

The following example URI is available:

http://www.example.com/upload/default.asp?mode=wrong&ERRMSG=%3Cmeta+http-equiv='Set-cookie'+content='[Cookie-Name]=[Cookie-Value]'%3E

Navigation

Suggest Exploit

Services By CQR