It seems that Omegasoft's Insel 7 may suffer from a cookie validation vulnerability.
47204927eb9c82b6599bf19ac2a58c6fb988a8f4a9207c13bac66b3e789dfc9eHi list,
Omegasoft's Insel 7 stores Cookies on your computer for identifying
the logged-in user.
As these Cookies do not contain any password hash but only the
username and some meaningless stuff you can easily get into the system
with another login.
this gets even more easy, as there is a conclusive error message on
failed login attempt.
If the user exists, you get a wrong password message.
It is possible to enumerate the users.
together, you can sign on as any user u want to without knowing the password.
Cookiename: OMEGALogon
value: [MANDATOR]%7C[CUSTOMERNUMBER]%7C[USERID]%7C%7CArial%7CArial%7C%2D%2D%2D%2D%2D%2D%7C[SURNAME]%2C+[NAME]%7C%7C%7C[LASTLOGINTIME]%7C
Cookiename: OMEGA[MANDATOR]
value: [USERID]%7C[CUSTOMERNUMBER]%7[HOST]%7C[DATE]%7C
Regards
MC.Iglo
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed