[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060523203052.15915.qmail@securityfocus.com>
Date: 23 May 2006 20:30:52 -0000
From: mx@...kmx.net
To: bugtraq@...urityfocus.com
Subject: phpFoX All Version Login Exploit
phpFoX (AllVersion) Login to any Account
#Exploit found by Mx [at] hackmx.net
#Login as any user/admin/mod
#Action event only once
This exploit will allow you to action an event per login, on any account in phpFoX (All Versions).
1> Create an account on phpFox, after activating the account, login.
2> Go to edit your cookies.
3> The domain which has phpFoX installed, find the cookie "NATIO" and the value of this cookie should be the account you just created.
4> Go to edit profile in your own account, or anything in your own account, and then change the value of NATIO to the account you want to edit.
5> Save the cookie, and hit submit to submit the information you are editing.
6> The information on their page will change, but the next time you click something you will be logged out.
# www.hackmx.net
# Exploit found May 20, 2006
----------------------------
Powered by blists - more mailing lists