phpFoX could allow a malicious person to log in as any user by editing their cookie.
eeb50c5357012c97138995cc8bee7e00955024516aa814216834b45304cb7f8cphpFoX (AllVersion) Login to any Account
#Exploit found by Mx [at] hackmx.net
#Login as any user/admin/mod
#Action event only once
This exploit will allow you to action an event per login, on any account in phpFoX (All Versions).
1> Create an account on phpFox, after activating the account, login.
2> Go to edit your cookies.
3> The domain which has phpFoX installed, find the cookie "NATIO" and the value of this cookie should be the account you just created.
4> Go to edit profile in your own account, or anything in your own account, and then change the value of NATIO to the account you want to edit.
5> Save the cookie, and hit submit to submit the information you are editing.
6> The information on their page will change, but the next time you click something you will be logged out.
# www.hackmx.net
# Exploit found May 20, 2006
----------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed