NetBill Enterprise Cookie Manipulation Vulnerability

2011-02-08 / 2014-09-23
Credit: Ali Pandidan
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
$ Title: NetBill Enterprise Cookie manipulation Vulnerability
$ Version: All Version
$ Author: P0W3RFU7
$ Email: Pandidan@Gmail.com
$ Description: By injecting a custom HTTP header or by injecting a META tag, it is possible to alter the cookies stored in the browser. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.
=-=-=-=-=-=-=-=-=-=-=-=-(Vulnerability Details)-=-=-=-=-=-=-=-=-=-=
$ Affects: /netbill-holder/user/login/
$ Sample: http://target.com/netbill-holder/user/login/
$ Demo: http://212.80.0.249/netbill-holder/user/login/
$ Note: You must login to your account !
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Greetz: HUrr!c4nE - Cair3x - black.shadowes - hadihadi - iM4n - Mormoroth - Mr.Hesy - irsdl - Dj7xpl - Sc0rpion , Expl0its , The-0utl4w , Mikili - Net.Edit0r - md.r00t - S3Ri0uS - NeFrin - Skitt3r & My Best Friend Takpar
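
A log-review check for the two injection routes the description names, added here as an example and not taken from the advisory or from NetBill. Only the login path comes from the advisory; the `next` parameter and the sample log lines are constructed. It flags requests to that path whose query string, after repeated percent-decoding, carries a line break followed by `Set-Cookie:` or a META `http-equiv="Set-Cookie"` tag.

```python
import re
from urllib.parse import unquote_plus

LOGIN_PATH = "/netbill-holder/user/login/"  # affected path named in the advisory
# CR or LF followed by a Set-Cookie header line (response header injection).
HEADER_RE = re.compile(r"[\r\n]\s*set-cookie\s*:", re.I)
# <meta http-equiv="Set-Cookie" ...> reflected into the page body.
META_RE = re.compile(r"<\s*meta\b[^>]*http-equiv\s*=\s*[\"']?\s*set-cookie", re.I)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_target):
    """Return 'header-injection', 'meta-injection' or None for one request target."""
    path, _, query = request_target.partition("?")
    if not path.startswith(LOGIN_PATH):
        return None
    data = fully_decode(query)
    if HEADER_RE.search(data):
        return "header-injection"
    if META_RE.search(data):
        return "meta-injection"
    return None

def scan(log_lines):
    """Return (line_number, finding) pairs for common-log-format access lines."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"', line)
        hit = classify(m.group(1)) if m else None
        if hit:
            findings.append((n, hit))
    return findings

# Constructed sample lines (documentation addresses, hypothetical parameter "next").
SAMPLE = [
    '192.0.2.10 - - [08/Feb/2011:10:00:01 +0000] "GET /netbill-holder/user/login/ HTTP/1.1" 200 512',
    '192.0.2.11 - - [08/Feb/2011:10:00:05 +0000] "GET /netbill-holder/user/login/?next=a%0d%0aSet-Cookie:%20sid=x HTTP/1.1" 302 0',
    '192.0.2.12 - - [08/Feb/2011:10:00:09 +0000] "GET /netbill-holder/user/login/?next=%3Cmeta%20http-equiv%3D%22Set-Cookie%22%20content%3D%22sid%3Dx%22%3E HTTP/1.1" 200 640',
    '192.0.2.13 - - [08/Feb/2011:10:00:12 +0000] "GET /index.html?q=%0d%0aSet-Cookie:%20a=b HTTP/1.1" 200 100',
]
```

The check only sees query strings; values submitted in a POST body need the same patterns applied at the application or proxy layer.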

References:

http://AjaxTm.com



Copyright 2024, cxsecurity.com

 
