PHP Nuke Account Compromise Vulnerability

info
discussion
exploit
solution
references

PHP Nuke Account Compromise Vulnerability

PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. PostNuke was originally forked from PHP-Nuke, and is a similar project.

It is possible to hijack arbitrary user accounts under PHP-Nuke or PostNuke. A maliciously constructed cookie will allow an attacker to gain access to any account, including those with administrative privileges.