Menu

Search for hundreds of thousands of exploits

"MOJO IWms 7 - 'default.asp' Cookie Manipulation"

Author

Exploit author

cp77fk4r

Platform

Exploit platform

asp

Release date

Exploit published date

2007-12-17

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
source: https://www.securityfocus.com/bid/41746/info

MOJO IWMS is prone to a cookie-manipulation vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this vulnerability could allow an attacker to masquerade as another user. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

MOJO IWMS 7 is vulnerable; other versions may also be affected. 

The following example URI is available:

http://www.example.com/upload/default.asp?mode=wrong&ERRMSG=%3Cmeta+http-equiv='Set-cookie'+content='[Cookie-Name]=[Cookie-Value]'%3E
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-07-10 "HelloWeb 2.0 - Arbitrary File Download" webapps asp bRpsd
2020-03-16 "Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)" webapps asp "Miguel Mendez Z"
2020-01-24 "OLK Web Store 2020 - Cross-Site Request Forgery" webapps asp "Joel Aviad Ossi"
2019-12-18 "Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting" webapps asp "Harshit Shukla"
2019-11-18 "Crystal Live HTTP Server 6.01 - Directory Traversal" webapps asp "numan türle"
2019-08-16 "Web Wiz Forums 12.01 - 'PF' SQL Injection" webapps asp n1x_
2019-05-06 "microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection" webapps asp "felipe andrian"
2019-02-12 "Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow" dos asp "Kaustubh G. Padwad"
2018-11-05 "Advantech WebAccess SCADA 8.3.2 - Remote Code Execution" webapps asp "Chris Lyne"
2018-05-29 "IssueTrak 7.0 - SQL Injection" webapps asp "Chris Anastasio"
Release Date Title Type Platform Author
2010-06-22 "PHP Event Calendar 1.5 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-06-22 "SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities" webapps php cp77fk4r
2010-06-13 "PHPplanner PHP Planner 0.4 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-05-30 "Nginx 0.6.36 - Directory Traversal" remote multiple cp77fk4r
2010-05-18 "phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path" webapps php cp77fk4r
2010-04-13 "Blog System 1.5 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-04-12 "Blog System 1.x - Multiple Input Validation Vulnerabilities" webapps php cp77fk4r
2010-04-08 "Tiny Java Web Server 1.71 - Multiple Input Validation Vulnerabilities" remote multiple cp77fk4r
2010-04-08 "miniature java Web server 1.71 - Multiple Vulnerabilities" remote multiple cp77fk4r
2010-04-03 "SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities" webapps asp cp77fk4r
2010-04-03 "Java Mini Web Server 1.0 - Directory Traversal / Cross-Site Scripting" remote multiple cp77fk4r
2010-03-27 "Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-02-11 "PHP Captcha Security Images - Denial of Service" dos php cp77fk4r
2010-02-09 "MOJO's IWms 7 - SQL Injection / Cross-Site Scripting" webapps asp cp77fk4r
2010-02-06 "ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting" webapps java cp77fk4r
2010-02-06 "ShopEx Single 4.5.1 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-01-24 "SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection" webapps php cp77fk4r
2010-01-21 "SHOUTcast Server 1.9.8/Win32 - Cross-Site Request Forgery" webapps windows cp77fk4r
2009-12-25 "cms -db 0.7.13 - Multiple Vulnerabilities" webapps php cp77fk4r
2009-12-22 "DeluxeBB 1.3 - Multiple Vulnerabilities" webapps php cp77fk4r
2009-12-21 "social Web CMS Beta 2 - Multiple Vulnerabilities" webapps php cp77fk4r
2007-12-17 "MOJO IWms 7 - 'default.asp' Cookie Manipulation" webapps asp cp77fk4r 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected