Full Disclosure mailing list archives

Re: Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration


From: Mark Litchfield <mark () securatary com>
Date: Tue, 04 Feb 2014 15:08:18 -0800

On 2/4/2014 3:01 PM, security curmudgeon wrote:
: > : From: Mark Litchfield <mark () securatary com>
: >
: > : As previously stated, I would post an update for Ektron CMS bypassing
: > : the security fix.
: >
: > : A full step by step with the usual screen shots can be found at -
: > : http://www.securatary.com/vulnerabilities
: >
: > Uh... you expect people to login to your site with their Facebook or Twitter
: > credentials, to access these advisories?
:
: Errr no ??  Use the other option ??  And if you don't want to register, don't
: bother !!

: Links from /vulnerabilities, directly from advisories off the Research
: page, and even "Follow us on Twitter" all drop back to a login page asking
: for authentication using either Facebook or Twitter.
:
: This is not the behavior of the site as of 48 hours ago.
Let me check. Normal registration should also be available? In fact I will remove the registration.

The purpose of this whole registration in the first place was to allow for future postings I am going to make later this week that would only be available to registered users. Not necessarily vulnerabilities, but useful "stuff" for pentesting. Also, all registered users would be given a 48-hour head start on any new vulnerabilities that I post in the future.

All the best

Mark

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
