Re: Podium CMS - Cookie Manipulation Exploit

["Steven M. Christey" <coley () mitre org>]

Hello,

Pardon me for being dense, but what exactly does "cookie manipulation"
mean in this context?  What is the vulnerability?

Looking at the following exploit code:

  <input name="id" size=75
  value="<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>">

The (apparent) injection of a META tag suggests that the real issue is
XSS.  Do you mean that there's an XSS attack which could be used to
modify cookies?  Or are you talking about CSRF?

Where do 'cookiename' and 'cookievalue' come from?

Finally, while "Podium" does seem to be in heavy use, what is the
actual product and vendor that's affected?


Thanks,
Steve