Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src / Print Next >>

Date: 28 Jun 2007 01:12:55 -0000
From: [email protected]
To: [email protected]
Subject: XEForum Cookie Modification Privilege Escalation Vulnerability
X-Virus-Scanned: antivirus-gw at tyumen.ru

--------------------------------------------------------------------   XEForum Cookie Modification Privilege Escalation Vulnerability
--------------------------------------------------------------------

Vulnerable product: XEForum
Vendor: http://www.xeforum.com/

Date:
--------------------
Found: Jun 26, 2007

Vulnerability:
--------------------
XeForum contains a flaw that may allow a remote attacker to gain     administrative privileges.
Modifying contained cookie you can change of session and to even enter like administrator. 

Cookie:
-----------------------------------
: Cookie: xeforum="Your Username" :
change to:
------------------------------------
: Cookie: xeforum="Admin Username" :

Credit:
--------------------
Firewall
Firewall of Peru
[email protected]
Greetz to Swp-Scene And Revolutionz
http://4firewall.uni.cc
--------------------------------------------------------------------

<< Previous INDEX Search src / Print Next >>

Партнёры:

Хостинг: