
Bugtraq mailing list archives

XEForum Cookie Modification Privilege Escalation Vulnerability
From: Firewall1954 () hotmail com
Date: 28 Jun 2007 01:12:55 -0000

--------------------------------------------------------------------
XEForum Cookie Modification Privilege Escalation Vulnerability
--------------------------------------------------------------------

Vulnerable product: XEForum
Vendor: http://www.xeforum.com/

Date:
--------------------
Found: Jun 26, 2007

Vulnerability:
--------------------
XEForum contains a flaw that may allow a remote attacker to gain administrative privileges.
By modifying the cookie it contains, you can change session and even log in as administrator.

Cookie:
-----------------------------------
: Cookie: xeforum="Your Username" :
-----------------------------------
change to:
------------------------------------
: Cookie: xeforum="Admin Username" :
------------------------------------

Credit:
--------------------
Firewall
Firewall of Peru
Firewall () hotmail com
Greetz to Swp-Scene And Revolutionz
http://4firewall.uni.cc
--------------------------------------------------------------------
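
Added example, not part of the original post and not XEForum's code: a Python sketch of the flaw class the advisory describes (identity read straight from the cookie value) next to a hardened check that only accepts a server-signed value. The cookie name `xeforum` comes from the advisory; the user table, key handling and function names are assumptions made for illustration.

```python
# Added example (not XEForum code). Cookie name "xeforum" is from the advisory;
# USERS, SERVER_KEY and all function names are hypothetical.
import hashlib
import hmac
import secrets

USERS = {"alice": "member", "admin": "administrator"}  # constructed sample data
SERVER_KEY = secrets.token_bytes(32)  # stays on the server, never sent to clients


def role_from_plain_cookie(cookies):
    """Flawed pattern from the advisory: the cookie value *is* the identity."""
    return USERS.get(cookies.get("xeforum", "").strip('"'))


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username):
    """Called only after the password check succeeds: value is name.nonce.mac."""
    payload = f"{username}.{secrets.token_hex(8)}"
    return f"{payload}.{_mac(payload)}"


def role_from_signed_cookie(cookies):
    """Hardened pattern: trust the username only if the server's MAC verifies."""
    parts = cookies.get("xeforum", "").strip('"').rsplit(".", 1)
    if len(parts) != 2:
        return None  # bare username with no MAC: reject
    payload, mac = parts
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return None  # value was edited on the client
    username = payload.rsplit(".", 1)[0]  # drop the nonce, keep the name
    return USERS.get(username)
```

A signed value still has no expiry or revocation; a random session ID looked up in a server-side store covers those cases as well.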

