header-logo
Suggest Exploit
vendor:
Multi-Page Comment System
by:
t0pP8uZz
6.4
CVSS
MEDIUM
Insecure Cookie Handling
613
CWE
Product Name: Multi-Page Comment System
Affected Version From: 1.1.2000
Affected Version To: 1.1.2000
Patch Exists: NO
Related CWE: N/A
CPE: a:tpvgames:multi-page_comment_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Multi-Page Comment System 1.1.0 Insecure Cookie Handling

Multi-Page Comment System, suffers from insecure cookie handling, when a admin login is successfull the script creates a cookie to show the rest of the admin area the user is already logged in. the bad thing is the cookie doesnt contain any password or anything alike, therefor we can craft a admin cookie and make it look like we are logged in as a legit admin. The below javascript code will create a cookie, after pasting the code into your browser and running on the affected domain, you can simply visit "/admin.php" and your admin.

Mitigation:

Ensure that the cookie is encrypted and contains a secure token that is not easily guessable.
Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+              Multi-Page Comment System 1.1.0 Insecure Cookie Handling          +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 15 MAY
Script Download: http://tpvgames.co.uk/web/mpcs/
DORK: "(Multi-Page Comment System)"



Vendor Has Not Been Notified!




DESCRIPTION: 

Multi-Page Comment System, suffers from insecure cookie handling, when a admin login is successfull the script creates
a cookie to show the rest of the admin area the user is already logged in. the bad thing is the cookie doesnt
contain any password or anything alike, therefor we can craft a admin cookie and make it look like we are
logged in as a legit admin.

the below javascript code will create a cookie, after pasting the code into your browser and running
on the affected domain, you can simply visit "/admin.php" and your admin.



Exploit:

javascript:document.cookie = "CommentSystemAdmin=1; path=/";



NOTE/TIP: 

after pasting the above javascript code into your browser you can visit "/admin.php" to see your a admin.

(this just shows how many bad programmers are out there.)



GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



peace, t0pP8uZz



--==+================================================================================+==--
--==+              Multi-Page Comment System 1.1.0 Insecure Cookie Handling          +==--
--==+================================================================================+==--

# milw0rm.com [2008-05-15]