Network Security: Detailed info on XEForum Cookie Modification Privilege Escalation Vulnerability

Subject:	XEForum Cookie Modification Privilege Escalation Vulnerability
Date:	28 Jun 2007 01:12:55 -0000

Subject:

XEForum Cookie Modification Privilege Escalation Vulnerability

Date:

28 Jun 2007 01:12:55 -0000

--------------------------------------------------------------------   XEForum 
Cookie Modification Privilege Escalation Vulnerability
--------------------------------------------------------------------

Vulnerable product: XEForum
Vendor: http://www.xeforum.com/

Date:
--------------------
Found: Jun 26, 2007

Vulnerability:
--------------------
XeForum contains a flaw that may allow a remote attacker to gain     
administrative privileges.
Modifying contained cookie you can change of session and to even enter like 
administrator. 

Cookie:
-----------------------------------
: Cookie: xeforum="Your Username" :
-----------------------------------
change to:
------------------------------------
: Cookie: xeforum="Admin Username" :
------------------------------------

Credit:
--------------------
Firewall
Firewall of Peru
Firewall@hotmail.com
Greetz to Swp-Scene And Revolutionz
http://4firewall.uni.cc
--------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
XEForum Cookie Modification Privilege Escalation Vulnerability, Firewall1954 <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	eTicket version 1.5.5 XSS Attack Vulnerability, securityresearch
Next by Date:	[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow, Jerome Athias
Previous by Thread:	eTicket version 1.5.5 XSS Attack Vulnerability, securityresearch
Next by Thread:	[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow, Jerome Athias
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

eTicket version 1.5.5 XSS Attack Vulnerability, securityresearch

Next by Date:

[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow, Jerome Athias

Previous by Thread:

eTicket version 1.5.5 XSS Attack Vulnerability, securityresearch

Next by Thread:

[SecurInfos] PCSoft WinDEV .wdp Project File Handling Buffer Overflow, Jerome Athias

Indexes:

[Date] [Thread] [Top] [All Lists]