 |
|
 |
|
- Readme First! -
Read and follow the rules, otherwise your posts will be closed |
|
|
|
|
|
There are currently, 411 guest(s) and 0 member(s) that are online.
You are Anonymous user. You can register for free by clicking here |
|
|
|
|
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| | | | |
| No Comments Allowed for Anonymous, please register | | | | |
Re: Admin AddAuthor POST Twist Exploit (Score: 1)
by IACOJ on Monday, May 17 @ 17:13:23 CEST
(User Info | Send a Message) | We have seen the following similar URI:
admin.php?op=AddAuthor&add_aid=ADDAID&add_name=God&add_pwd=ADDPWD&add_email=foo@bar.com&add_radminsuper=1
Used within IMG tags that when viewed by validated admins against their domain will launch an attack on themselves without knowing.
These attacks can be sent via forums, via news articles, and even via HTML emails.
Admin Tap stops these. HTTP Authentication does not. Once you are logged in, then the attack works. Admin Tap works regardless of logged in status.
The choice to either secure your system or not is all yours. We simply provide the know-how. |
| Parent | | | | | |
|