phpList 3.0.10 Insecure Direct Object Reference

phpList 3.0.10 Insecure Direct Object Reference: Posted Apr 2, 2015; Authored by Provensec; phpList version 3.0.10 suffers from an insecure direct object reference vulnerability.; tags | exploit; SHA-256 | 7772546874c47e1bdb59fee8bab9483dadffb2743ee5e098654b4bc1dc80ac46; Download | Favorite | View

phpList 3.0.10 Insecure Direct Object Reference

# Affected software: phplist
# Type of vulnerability: insecure object reference
# URL:phplist.com
# Discovered by: Provensec
# Website: http://www.provensec.com

#version: phpList ltd. - v3.0.10
# Proof of concept

insecure object refrenced on page deltetation

vuln param:delete


example:

http://demo.phplist.com/lists/admin/?page=send&delete=2&tk=035d99

ref:
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

phpList 3.0.10 Insecure Direct Object Reference

phpList 3.0.10 Insecure Direct Object Reference

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

phpList 3.0.10 Insecure Direct Object Reference

Share This

phpList 3.0.10 Insecure Direct Object Reference

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems