Lucene search
T0pP8uZzEDB-ID:5388HistoryApr 06, 2008 - 12:00 a.m.
Prozilla Topsites 1.0 - Arbitrary Edit/Add Users
2008-04-0600:00:00
t0pP8uZz
www.exploit-db.com
29
--==+================================================================================+==--
--==+ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability +==--
--==+================================================================================+==--
Discovered By: t0pP8uZz
Discovered On: 7 April 2008
Script Download: http://prozilla.net
DORK: N/A
Vendor Has Not Been Notified!
DESCRIPTION:
Prozilla TopSites in vulnerable due to bad session handling, multiple admin area files are not
validating the users that is viewing it, therefor making it viewiable to anyone, even unregistered people.
below you will find a URL that will locate the add and edit users page.
Vulnerability:
http://site.com/siteadmin/addu.php
http://site.com/siteadmin/editu.php
http://site.com/siteadmin/uidx.php
NOTE/TIP:
edit admin's password login to view all admin features ;)
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !
--==+================================================================================+==--
--==+ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability +==--
--==+================================================================================+==--
# milw0rm.com [2008-04-06]Related
prion
prion
Design/Logic Flaw
2008-04-15 10:05:00
cvelist
cvelist
CVE-2008-1784
2008-04-15 10:00:00
cve
cve
CVE-2008-1784
2008-04-15 10:05:00
nvd
nvd
CVE-2008-1784
2008-04-15 10:05:00