--==+================================================================================+==-- --==+ Multi-Page Comment System 1.1.0 Insecure Cookie Handling +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 15 MAY Script Download: http://tpvgames.co.uk/web/mpcs/ DORK: "(Multi-Page Comment System)" Vendor Has Not Been Notified! DESCRIPTION: Multi-Page Comment System, suffers from insecure cookie handling, when a admin login is successfull the script creates a cookie to show the rest of the admin area the user is already logged in. the bad thing is the cookie doesnt contain any password or anything alike, therefor we can craft a admin cookie and make it look like we are logged in as a legit admin. the below javascript code will create a cookie, after pasting the code into your browser and running on the affected domain, you can simply visit "/admin.php" and your admin. Exploit: javascript:document.cookie = "CommentSystemAdmin=1; path=/"; NOTE/TIP: after pasting the above javascript code into your browser you can visit "/admin.php" to see your a admin. (this just shows how many bad programmers are out there.) GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew ! peace, t0pP8uZz --==+================================================================================+==-- --==+ Multi-Page Comment System 1.1.0 Insecure Cookie Handling +==-- --==+================================================================================+==-- # milw0rm.com [2008-05-15]