EID-ID: 5630 CVE: 2008-2293 Author: toppy8uzz Type: WEBAPPS Platform: PHP Date: 2008-05-15 Vulnerable App: Multi-Page Comment System 1.1.0 Description Multi-Page Comment System 1.1.0 suffers from insecure cookie handling. When an admin login is successful, the script creates a cookie to show the rest of the admin area, but the cookie does not contain any password or authentication information. This allows attackers to craft an admin cookie, making it look like they are logged in as a legitimate admin. Exploit Note/Tip After pasting the above JavaScript code into your browser and running it on the affected domain, you can visit to access the admin area.