vendor: Prozilla Topsites
by: t0pP8uZz
CVSS: 7.5 (HIGH)
Arbitrary Edit/Add Users
CWE: 287
Product Name: Prozilla Topsites
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:prozilla:prozilla_topsites
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability
Prozilla TopSites is vulnerable due to bad session handling: multiple admin area files do not validate the user who is viewing them, making them viewable to anyone, even unregistered people. An attacker can exploit this vulnerability to gain access to the admin area and edit/add users.
Mitigation:
Ensure that all admin area files are properly validated and that session handling is secure.