• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Powerboards Cookie Manipulation Account Compromise Vulnerability

Powerboards use cookies for authentication, and are saved in a non-encrypted format. It is possible for a malicious user to manipulate values in their cookie to gain access to Powerboards as any user.

Successful hijacking of user accounts will permit the malicious user to take various actions as the unknowing user. It should be noted that it is possible to log in as the administrator, and gain access to admin resources.