http://www.milw0rm.com/exploits/6438
It's not quite so simple as that. An Authentication Bypass Exploit is one of the trickier Cross-Site Scripting Exploits out there. By posting code on a particular site that you know an administrator goes to, you can extract the cookie he used to authenticate. You can then use that cookie (until it expires or the administrator logs off) to perform administrative actions on the site.
An easy fix for mostly disabling this exploit is to associate a randomly-generated session key with the cookie. As the administrator posts data or navigates pages, generate the key and put it in the POST or COOKIE. When the next page loads, compare the key in the session with the key in the POST or COOKIE. If they match, the administrator is authenticated and you destroy the key.
If the cookie is intercepted, the key it contains is only valid for that one single transfer, and cannot be used for other possibly malicious means.
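The one-time key check described in the post above, as an added example that is not part of the original post: the server keeps one key per session, compares it with the key the request presents, and replaces it on every match. The class and method names are hypothetical, and revoking the session when a stale key is presented is an assumption that goes beyond what the post describes.

```python
import hmac
import secrets


class OneTimeKeySessions:
    """Server-side table: session id -> user and the key valid for the next request."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        # Called only after the credential check has succeeded (not shown).
        session_id = secrets.token_urlsafe(32)
        key = secrets.token_urlsafe(32)
        self._sessions[session_id] = {"user": user, "key": key}
        return session_id, key  # key goes out in the cookie or a hidden POST field

    def authorize(self, session_id, presented_key):
        """Return (user, next_key) when the presented key matches, else None."""
        session = self._sessions.get(session_id)
        if session is None or not isinstance(presented_key, str):
            return None
        expected = session["key"]
        # Constant-time comparison of the stored key with the presented one.
        if not hmac.compare_digest(expected.encode(), presented_key.encode()):
            # Assumption (not in the post): a stale or wrong key means the
            # cookie may have been copied, so the whole session is revoked.
            del self._sessions[session_id]
            return None
        # Match: destroy the used key and issue a fresh one for the next page.
        session["key"] = secrets.token_urlsafe(32)
        return session["user"], session["key"]


def demo():
    store = OneTimeKeySessions()
    sid, key1 = store.login("admin")        # constructed sample user
    user, key2 = store.authorize(sid, key1)  # first page load consumes key1
    replay = store.authorize(sid, key1)      # intercepted key replayed: rejected
    after = store.authorize(sid, key2)       # session was revoked by the replay
    return user, key1 != key2, replay, after


if __name__ == "__main__":
    print(demo())
```

If the copied key is used before the administrator's next request, it is the administrator's own request that fails the comparison; under the revocation assumption that mismatch still ends the session.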