#######################################################################
#
# Exploit Title: UAG-CMS Session Fixation Script
# Date: 2014 18 March
# Author: Dr.3v1l
# Vendor Homepage: http://julienetnel.github.io/inu/
# Tested on: Windows
# Category: webapps
# Google Dork: intext:"UAG CMS"
#
#######################################################################
#
# [+] Exploit :
#
# http://<server>/UAG-CMS/admin/identification.php
#
# Discovered by: Scripting (Session_Fixation.script).
# 
# Attack details :
# Session cookie PHPSESSID was fixed to acunetixsessionfixation.
# 
# Vulnerability description :
#
# Session Fixation is an attack that permits an attacker to hijack a valid user session.
# The attack explores a limitation in the way the web application manages the session ID,
# more specifically the vulnerable web application. When authenticating a user,
# it doesn't assign a new session ID, making it possible to use an existent session ID.
# The attack consists of inducing a user to authenticate himself with a known session ID,
# and then hijacking the user-validated session by the knowledge of the used session ID.
# The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it.
#
#######################################################################
#
# [+] Contact Me :
#
#     B.Devils.B@gmail.com
#     Twitter.com/Doctor_3v1l
#     Facebook.com/bdb.0web
#     Facebook.com/groups/1427166220843499/
#     IR.linkedin.com/in/hossein3v1l
#     Hossein Hezami - Black_Devils B0ys
#
#######################################################################
# B.Devils.B Friends , R.H.H (UnderGround) , IeDB.IR , IrSecTeam
#######################################################################