Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PHPBlogger cookie privilege escalation

from [darthballsbr] Network Security [Permanent Link]
Subject: PHPBlogger cookie privilege escalation
Date: 28 Jul 2007 11:03:24 -0000 
PHPBlogger is a simple tool to help the creation of web blogs...

Encrypted admin password and other preferences are stored on /data/pref.db

You can find lots of them exposed with google
search: pref password= filetype:db
=]

--------------------------------------------

The admin panel is acessible once you have a cookie named "key" with the 
encrypted password


So, its possible to administrate remote blogs just by searching for a exposed 
pref.db and creating a cookie for the page with the encrypted password

for more detailes (pt-BR)
http://forcehacker.com/forum/viewtopic.php?t=2352

by darthballs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • PHPBlogger cookie privilege escalation, darthballsbr <=
Previous by Date:  Message Board / Threaded Discussion Forum SQL INJECTION, Advisory
Next by Date:  phpCoupon Vulnerabilities, hack2prison
Previous by Thread:  Message Board / Threaded Discussion Forum SQL INJECTION, Advisory
Next by Thread:  phpCoupon Vulnerabilities, hack2prison
Indexes:  [Date] [Thread] [Top] [All Lists]