TUCoPS :: Web BBS :: etc :: tb11467.htm

XEForum Cookie Modification Privilege Escalation Vulnerability
XEForum Cookie Modification Privilege Escalation Vulnerability
XEForum Cookie Modification Privilege Escalation Vulnerability



--------------------------------------------------------------------   XEForum Cookie Modification Privilege Escalation Vulnerability
--------------------------------------------------------------------

Vulnerable product: XEForum
Vendor: http://www.xeforum.com/ 

Date:
--------------------
Found: Jun 26, 2007

Vulnerability:
--------------------
XeForum contains a flaw that may allow a remote attacker to gain     administrative privileges.
Modifying contained cookie you can change of session and to even enter like administrator. 

Cookie:
-----------------------------------
: Cookie: xeforum="Your Username" :
-----------------------------------
change to:
------------------------------------
: Cookie: xeforum="Admin Username" :
------------------------------------

Credit:
--------------------
Firewall
Firewall of Peru
Firewall@hotmail.com 
Greetz to Swp-Scene And Revolutionz
http://4firewall.uni.cc 
--------------------------------------------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH