lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 12 Mar 2007 12:01:57 -0500
From: "Matt D. Harris" <mdh@...itox.net>
To: DoZ@...kersCenter.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Wiki Remote Authentication Bypass Vulnerability

This is the designed behavior of the application, not an "exploit" as 
you claim.  In addition to that, the syntax used in your example URL's 
is specific to MediaWiki, and not common amongst all wiki apps, as you 
claim.  Furthermore, this "exploit" does not work "100% of the time" - 
even if this could be called an exploit, which it clearly is not, 
protecting an entry and configuring levels of access are relatively 
common and simple tasks for Wiki administrators.
Your claim that this is an access validation error is simply wrong, and 
is akin to saying that being able to write to a file which a user 
intentionally sets to mode 0777 is an error.
- Matt

DoZ@...kersCenter.com wrote:
> Wiki Remote Authentication Bypass Vulnerability
> 
> 
> 
> The Exploit Works 100 % of the time. It really is up to the admin to add security
> like locking a page to prevent editing. There are Two ways of having this Exploit
> work. One is simply add the code (example 1) after the Page you wanna test or if that dosent work, add Code (example 2) and Exploit code after the new pages Name! Anyone using any type of Wiki project is vulnerable. Successfully exploiting this issue allows remote attackers to gain remote administrative access to the vulnerable sites Pages. Attackers can use a browser to exploit this issue.
> 
> 
> Hackers Center Security Group (http://www.hackerscenter.com)
> Credit: Doz
> 
> 
> 
> Class: Access Validation Error
> 
> Remote: Yes
> 
> 
> 
> Vendor: http://www.wiki.org/
> Version: N/A
> 
> 
> 
> Exploit: ?action=edit
> 
> Example 1: http://www.Site.com/wiki/Main_Page?action=edit
> 
> Example 2: http://www.Site.com/wiki/Hacked?action=edit
> 
> 
> 
> Proff of Concept: (Concealed)
> 
> 
> 
> Security researcher? Join us: mail Zinho at zinho at hackerscenter.com
> 

-- 
/*
  * Matt D. Harris         <mdh@...itox.net>
  *  Solitox Networks - Lead Project Engineer
  */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ