Wiki Remote Authentication Bypass Vulnerability
Wiki Remote Authentication Bypass Vulnerability
The Exploit Works 100 % of the time. It really is up to the admin to add
security
like locking a page to prevent editing. There are Two ways of having this
Exploit
work. One is simply add the code (example 1) after the Page you wanna test or
if that dosent work, add Code (example 2) and Exploit code after the new pages
Name! Anyone using any type of Wiki project is vulnerable. Successfully
exploiting this issue allows remote attackers to gain remote administrative
access to the vulnerable sites Pages. Attackers can use a browser to exploit
this issue.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Access Validation Error
Remote: Yes
Vendor: http://www.wiki.org/
Version: N/A
Exploit: ?action=edit
Example 1: http://www.Site.com/wiki/Main_Page?action=edit
Example 2: http://www.Site.com/wiki/Hacked?action=edit
Proff of Concept: (Concealed)
Security researcher? Join us: mail Zinho at zinho at hackerscenter.com