xss, csrf, sqli vulnerabilities in 2.3.5



#1 vk_jsn

vk_jsn

    Member

  • Members
  • 15 posts

Posted 21 June 2012 - 09:04 AM

take a look at this: http://packetstormse...-xssxsrfsql.txt

#2 Jack

Jack

    Project Founder

  • Administrators
  • 673 posts
  • Location: Australia

Posted 21 June 2012 - 01:44 PM

All pages in the AdminCP call the "authenticate()" function which halts page loading if the user is not a member of a group that can access the AdminCP.

I didn't read anywhere that explains how to get around that, so if you're an admin, why would you exploit this?

However, I will make some edits to this and "secure" it a little more.

#3 ChickenChips

ChickenChips

    Member

  • Members
  • 16 posts

Posted 26 June 2012 - 02:21 AM

LOL, that exploiter is stupid. Like you said, the person has to have admin permissions, which means they're already an admin, so why exploit this to get admin permissions?

Like really, that's just epic stupidity right there.

#4 arturo182

arturo182

    Advanced Member

  • Contributor
  • 151 posts

Posted 26 June 2012 - 11:19 AM

Still, an exploit is an exploit and should be fixed.

How about if you have two administrators and one of them wants to screw over the second one: he steals his password, which happens to be the same as the password for the server's root account, and we have a problem.

On the other hand, the second admin is stupid for reusing a password, so let him be screwed over ;)
Traq, yo!

#5 ChickenChips

ChickenChips

    Member

  • Members
  • 16 posts

Posted 01 July 2012 - 07:39 AM

Well, any project or company/organisation that has admins that want to screw over each other has bigger problems than an exploit like this.

I still say this is a stupid exploit, and the way that guy went on about it is even more stupid. I mean, look at it: "Exploit this to get admin privs" is kinda what he's saying, and yet you NEED to be an admin to exploit it. I guess he's a usual PHP script kiddie.

