XEForum Cookie Modification Privilege Escalation Vulnerability

2007.07.03

Credit: Firewall1954

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-3500

CWE: CWE-264

CVSS Base Score: 10/10

Impact Subscore: 10/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

-------------------------------------------------------------------- XEForum Cookie Modification Privilege Escalation Vulnerability
--------------------------------------------------------------------
Vulnerable product: XEForum
Vendor: http://www.xeforum.com/
Date:
--------------------
Found: Jun 26, 2007
Vulnerability:
--------------------
XeForum contains a flaw that may allow a remote attacker to gain administrative privileges.
Modifying contained cookie you can change of session and to even enter like administrator.
Cookie:
-----------------------------------
: Cookie: xeforum="Your Username" :
-----------------------------------
change to:
------------------------------------
: Cookie: xeforum="Admin Username" :
------------------------------------
Credit:
--------------------
Firewall
Firewall of Peru
Firewall (at) hotmail (dot) com [email concealed]
Greetz to Swp-Scene And Revolutionz
http://4firewall.uni.cc
--------------------------------------------------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

XEForum Cookie Modification Privilege Escalation Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.