Wiki Remote Authentication Bypass Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Wiki Remote Authentication Bypass Vulnerability
From: DoZ@xxxxxxxxxxxxxxxxx
Date: 12 Mar 2007 02:55:02 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Wiki Remote Authentication Bypass Vulnerability



The Exploit Works 100 % of the time. It really is up to the admin to add 
security
like locking a page to prevent editing. There are Two ways of having this 
Exploit
work. One is simply add the code (example 1) after the Page you wanna test or 
if that dosent work, add Code (example 2) and Exploit code after the new pages 
Name! Anyone using any type of Wiki project is vulnerable. Successfully 
exploiting this issue allows remote attackers to gain remote administrative 
access to the vulnerable sites Pages. Attackers can use a browser to exploit 
this issue.


Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz



Class: Access Validation Error

Remote: Yes



Vendor: http://www.wiki.org/
Version: N/A



Exploit: ?action=edit

Example 1: http://www.Site.com/wiki/Main_Page?action=edit

Example 2: http://www.Site.com/wiki/Hacked?action=edit



Proff of Concept: (Concealed)



Security researcher? Join us: mail Zinho at zinho at hackerscenter.com

Follow-Ups:
- Re: Wiki Remote Authentication Bypass Vulnerability
  - From: Matt D. Harris

Prev by Date: Remote File Include In ClipShare.v1.5.3
Next by Date: Re: Php Nuke POST XSS on steroids
Previous by thread: Remote File Include In ClipShare.v1.5.3
Next by thread: Re: Wiki Remote Authentication Bypass Vulnerability
Index(es):
- Date
- Thread