[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability

Author
t0pP8uZz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2834
Category
web applications
Date add
05-04-2008
Platform
unsorted
============================================================
Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability
============================================================




--==+================================================================================+==--
--==+	    Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability             +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz
Discovered On: 7 April 2008
Script Download: http://prozilla.net
DORK: N/A

Vendor Has Not Been Notified!


DESCRIPTION: 
Prozilla TopSites in vulnerable due to bad session handling, multiple admin area files are not
validating the users that is viewing it, therefor making it viewiable to anyone, even unregistered people.

below you will find a URL that will locate the add and edit users page.


Vulnerability:
http://site.com/siteadmin/addu.php
http://site.com/siteadmin/editu.php
http://site.com/siteadmin/uidx.php


NOTE/TIP: 
edit admin's password login to view all admin features  ;) 



#  0day.today [2024-12-25]  #