--==+================================================================================+==-- --==+ Web Slider <= 0.6 Insecure Cookie/Authentication Handling +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 15 MAY 2008 Script Download: http://sourceforge.net/projects/webslider/ DORK: N/A Vendor Has Not Been Notified! DESCRIPTION: Web Slider 1.6 (and prior), suffers from insecure cookie handling, when a admin logs in successfully a cookie is created so admin doesnt have to login everypage, the bad thing is the coding is poor and the script only checks to see if the cookie exists, it doesnt contain any password or anything. so all we need to do is create a cookie so it makes us look like admin, the below javascript will do just that. Exploit: javascript:document.cookie = "admin=1; path=/"; NOTE/TIP: after pasting the above javascript code in your browser on a affected domain, you will be able to goto "/admin.php" and access it as if you were a admin. this should come to your attention how many web-developers are very bad coders. and leave massive easy-to-fix holes like this in there scripts. just remember when downloading a file of any kind to read through its source, and make sure its secure GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew ! peace, t0pP8uZz --==+================================================================================+==-- --==+ Web Slider <= 0.6 Insecure Cookie/Authentication Handling +==-- --==+================================================================================+==-- # milw0rm.com [2008-05-15]