Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

BoastMachine v3.0 platinum - Session İd Hacking

from [vagrant Pest] Network Security [Permanent Link]
Subject: BoastMachine v3.0 platinum - Session İd Hacking
Date: Tue, 22 May 2007 09:01:27 +0000 
Vagrant - E-hack.org (05.22.2007)

BoastMachine v3.0 platinum - Session İd Hacking

After the login into the site which alllows new user registration. Site user's data which is entered to change the topic, can be changed by another user, and that is a security hole because of ID interchangeability in URL address space.

If the changed topic belongs to the admin it doedn't affect the free login and site user has an authority to make changes and cop the topics.

------- >>>

Vulnerable;

http://www.xxx.com/login.php

http://www.xxx.com/user.php?action=list_posts

Edit posts;
http://www.e-hack.org/user.php?action=list_posts

Post title edit;
http://www.xxx.com/user.php?action=edit_post&blog=1&id=(155) = (İd)

New İd;
http://www.xxx.com/user.php?action=edit_post&blog=1&id=(154) = (İd)


Credits : Vagrant
Contact : kernel-32@hotmail.com
Site : www.e-hack.org

_________________________________________________________________
Siz de iletişimin evrimine katılın! http://www.communicationevolved.com/tr-tr/

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • BoastMachine v3.0 platinum - Session İd Hacking, vagrant Pest <=
Previous by Date:  Magic iso heap over flow <Help>, KaCo678
Next by Date:  NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities, Ismael Briones
Previous by Thread:  Magic iso heap over flow <Help>, KaCo678
Next by Thread:  NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities, Ismael Briones
Indexes:  [Date] [Thread] [Top] [All Lists]