Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12829
HistoryMay 26, 2006 - 12:00 a.m.

phpFoX All Version Login Exploit

2006-05-2600:00:00
vulners.com
39
JSON

phpFoX (AllVersion) Login to any Account

#Exploit found by Mx [at] hackmx.net
#Login as any user/admin/mod
#Action event only once
This exploit will allow you to action an event per login, on any account in phpFoX (All Versions).

1> Create an account on phpFox, after activating the account, login.
2> Go to edit your cookies.
3> The domain which has phpFoX installed, find the cookie "NATIO" and the value of this cookie should be
3> the account you just created.
4> Go to edit profile in your own account, or anything in your own account, and then change the value of
4> NATIO to the account you want to edit.
5> Save the cookie, and hit submit to submit the information you are editing.
6> The information on their page will change, but the next time you click something you will be logged out.

www.hackmx.net

Exploit found May 20, 2006

JSON