phpList 2.10.x – Security Bypass / Information Disclosure

• Exploit Database
• 16 阅读

• 作者： Davide Canali
  日期： 2011-08-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/36048/

• source: https://www.securityfocus.com/bid/49188/info
  
  PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
  
  An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are also possible. 
  
  http://www.example.com/lists/?p=forward&uid=VALID_UID&mid=ID
  http://www.example.com/lists/?p=forward&uid=foo&mid=ID