Multi-Page Comment System 1.1.0 - Insecure Cookie Handling

EDB-ID:

5630


Author:

t0pP8uZz

Type:

webapps


Platform:

PHP

Date:

2008-05-15


--==+================================================================================+==--
--==+              Multi-Page Comment System 1.1.0 Insecure Cookie Handling          +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 15 MAY
Script Download: http://tpvgames.co.uk/web/mpcs/
DORK: "(Multi-Page Comment System)"



Vendor Has Not Been Notified!




DESCRIPTION: 

Multi-Page Comment System, suffers from insecure cookie handling, when a admin login is successfull the script creates
a cookie to show the rest of the admin area the user is already logged in. the bad thing is the cookie doesnt
contain any password or anything alike, therefor we can craft a admin cookie and make it look like we are
logged in as a legit admin.

the below javascript code will create a cookie, after pasting the code into your browser and running
on the affected domain, you can simply visit "/admin.php" and your admin.



Exploit:

javascript:document.cookie = "CommentSystemAdmin=1; path=/";



NOTE/TIP: 

after pasting the above javascript code into your browser you can visit "/admin.php" to see your a admin.

(this just shows how many bad programmers are out there.)



GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



peace, t0pP8uZz



--==+================================================================================+==--
--==+              Multi-Page Comment System 1.1.0 Insecure Cookie Handling          +==--
--==+================================================================================+==--

# milw0rm.com [2008-05-15]