Message-ID: <20060523203052.15915.qmail@securityfocus.com>
Date: 23 May 2006 20:30:52 -0000
From: mx@...kmx.net
To: bugtraq@...urityfocus.com
Subject: phpFoX All Version Login Exploit


phpFoX (AllVersion) Login to any Account

#Exploit found by Mx [at] hackmx.net
#Login as any user/admin/mod
#Action event only once
This exploit will allow you to action an event per login, on any account in phpFoX (All Versions).


1> Create an account on phpFoX; after activating the account, log in.
2> Go to edit your cookies.
3> On the domain which has phpFoX installed, find the cookie "NATIO"; the value of this cookie should be the account you just created.
4> Go to edit profile in your own account, or anything in your own account, and then change the value of NATIO to the account you want to edit.
5> Save the cookie, and hit submit to submit the information you are editing.
6> The information on their page will change, but the next time you click something you will be logged out.


# www.hackmx.net
# Exploit found May 20, 2006
----------------------------
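
The report above describes a cookie whose value alone names the acting account. A server-side check that rejects such an edited cookie, as an added example that is not part of the original post and not phpFoX code: the function names, the key constant and the cookie layout are assumptions made for illustration, and the sample values are constructed.

```php
<?php
// Added example (hypothetical helpers, not phpFoX code).
// Assumption: SECRET_KEY is a server-side secret loaded from configuration.
const SECRET_KEY = 'constructed-demo-key-replace-in-config';

// Issue a cookie value that binds the account name to an expiry and a MAC.
function issue_identity_cookie(string $user, int $ttl, int $now): string
{
    $payload = base64_encode($user) . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the authenticated account name, or null if the cookie
// is malformed, was altered by the client, or has expired.
function verify_identity_cookie(string $cookie, int $now): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$b64user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $b64user . '.' . $expiry, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;
    }
    $user = base64_decode($b64user, true);
    return $user === false ? null : $user;
}

// Constructed demo values.
$now    = 1148416252;
$cookie = issue_identity_cookie('alice', 3600, $now);

// Untouched cookie: the server recovers the account it issued.
var_dump(verify_identity_cookie($cookie, $now));

// Cookie with the account name swapped client-side, MAC left as issued.
$edited = base64_encode('admin') . substr($cookie, strpos($cookie, '.'));
var_dump(verify_identity_cookie($edited, $now));

// Expired cookie.
var_dump(verify_identity_cookie($cookie, $now + 7200));
```

A handler that saves profile changes would take the target account only from the value `verify_identity_cookie()` returns, on every request, and never from a cookie or form field the client can set freely.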

