Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16326
HistoryMar 12, 2007 - 12:00 a.m.

Wiki Remote Authentication Bypass Vulnerability

2007-03-1200:00:00
vulners.com
12
JSON

Wiki Remote Authentication Bypass Vulnerability

The Exploit Works 100 % of the time. It really is up to the admin to add security
like locking a page to prevent editing. There are Two ways of having this Exploit
work. One is simply add the code (example 1) after the Page you wanna test or if that dosent work, add Code (example 2) and Exploit code after the new pages Name! Anyone using any type of Wiki project is vulnerable. Successfully exploiting this issue allows remote attackers to gain remote administrative access to the vulnerable sites Pages. Attackers can use a browser to exploit this issue.

Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Class: Access Validation Error

Remote: Yes

Vendor: http://www.wiki.org/
Version: N/A

Exploit: ?action=edit

Example 1: http://www.Site.com/wiki/Main_Page?action=edit

Example 2: http://www.Site.com/wiki/Hacked?action=edit

Proff of Concept: (Concealed)

Security researcher? Join us: mail Zinho at zinho at hackerscenter.com

JSON