CVE-2008-6743
published 2009-04-22CVE-2008-6743: RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and…
PriorityP351high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.59%
83.3th percentile
RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shock-therapy | rsmscript | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
RSMScript 1.21 - Cross-Site Scripting / Insecure Cookie Handling
exploitdb·2008-12-17
CVE-2008-6743 RSMScript 1.21 - Cross-Site Scripting / Insecure Cookie Handling
RSMScript 1.21 - Cross-Site Scripting / Insecure Cookie Handling
---
[START]
#########################################################################################
[0x01] Informations:
Script : RSMScript 1.21
Download : http://www.hotscripts.com/jump.php?listing_id=78547&jump_type=1
Vulnerability : Insecure Cookie Handling / XXS
Author : Osirys
Contact : osirys[at]live[dot]it
Website : http://osirys.org
Notes : Proud to be Italian
Greets: : XaDoS, x0r, emgent, Jay, str0ke, Todd and AlpHaNiX
#########################################################################################
[0x02] Bug: [Insecure Cookie Handling]
######
Bugged file is: /[path]/verify.php
[CODE]
if($admin_pass == $code)
{
setcookie("verified", "null", time()+1800);
header( 'refresh: 0; url=update.php' );
}
[
Exploit-DB
LokiCMS 0.3.4 - 'admin.php' Create Local File Inclusion
exploitdb·2008-10-13
CVE-2008-4662 LokiCMS 0.3.4 - 'admin.php' Create Local File Inclusion
LokiCMS 0.3.4 - 'admin.php' Create Local File Inclusion
---
# LokiCMS 0.3.4 (admin.php) Create Local File Inclusion Exploit
# url: http://www.lokicms.com/
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
# Greetz To: All Hackers and milw0rm website
#
# *Requirements: magic_quotes_gpc = Off
I had one idea when i saw http://milw0rm.com/exploits/6743
I created the exploit that creates LFI.
vuln file: admin.php
vuln code:
case 'A_SAVE_G_SETTINGS': //save main settings
writeconfig ( $c_password, $_POST['title'], $_POST['header'], $_POST['tagline'], $_POST
['footnote'], $c_default, $_POST['the
No writeups or analysis indexed.
http://osvdb.org/50802http://secunia.com/advisories/33150http://www.securityfocus.com/bid/32886https://exchange.xforce.ibmcloud.com/vulnerabilities/47451https://www.exploit-db.com/exploits/7497http://osvdb.org/50802http://secunia.com/advisories/33150http://www.securityfocus.com/bid/32886https://exchange.xforce.ibmcloud.com/vulnerabilities/47451https://www.exploit-db.com/exploits/7497
2009-04-22
Published