| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 12 Mar 2007 02:55:02 -0000 From: DoZ@...kersCenter.com To: bugtraq@...urityfocus.com Subject: Wiki Remote Authentication Bypass Vulnerability Wiki Remote Authentication Bypass Vulnerability The Exploit Works 100 % of the time. It really is up to the admin to add security like locking a page to prevent editing. There are Two ways of having this Exploit work. One is simply add the code (example 1) after the Page you wanna test or if that dosent work, add Code (example 2) and Exploit code after the new pages Name! Anyone using any type of Wiki project is vulnerable. Successfully exploiting this issue allows remote attackers to gain remote administrative access to the vulnerable sites Pages. Attackers can use a browser to exploit this issue. Hackers Center Security Group (http://www.hackerscenter.com) Credit: Doz Class: Access Validation Error Remote: Yes Vendor: http://www.wiki.org/ Version: N/A Exploit: ?action=edit Example 1: http://www.Site.com/wiki/Main_Page?action=edit Example 2: http://www.Site.com/wiki/Hacked?action=edit Proff of Concept: (Concealed) Security researcher? Join us: mail Zinho at zinho at hackerscenter.com
Powered by blists - more mailing lists