0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ [email protected] ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
XenForo 1.5.x Remote Code Execution Vulnerability
XenForo 1.5.x Remote Code Execution Vulnerability 1. ADVISORY INFORMATION ======================= Product: XenForo Vendor URL: xenforo.com Type: Code Injection [CWE-94] Date found: 2016-12-09 Date published: 2016-12-15 CVSSv3 Score: 9.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C) CVE: - 2. CREDITS ========== This vulnerability was discovered and researched by indepent security expert Vishal Mishra. 3. VERSIONS AFFECTED ==================== XenForo 1.5.x versions prior to 1.5.11a. Older versions may be affected too but were not tested. 4. VULNERABILITY DETAILS ======================== The vulnerability allows a remote attacker to overwrite arbitrary PHP variables within the context of the vulnerable application. The vulnerability exists due to insufficient validation of user-supplied input in an HTTP cookie, thus allowing to read sensitive information from the XenForo database like usernames and passwords. Since the affected script does not require an authentication, this vulnerability can be exploited by an unauthenticated attacker. 5. PROOF OF CONCEPT =================== The following proof-of-concept exploit the vulnerable HTTP cookie and execute the phpinfo() function: Detailed proof of concept has been removed for this advisory. 6. SOLUTION =========== Update to the latest version v1.5.11a 7. REPORT TIMELINE ================== 2016-12-09: Discovery of the vulnerability 2016-12-11: Notified vendor via contact address 2016-12-13: Vendor provides update 2016-12-13: Provided update fixes the reported issues 2016-12-13: Vendor publishes update 2016-12-15: Coordinated release of security advisory without proof of concept 8. DISCLAIMER ============= Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. # 0day.today [2024-03-28] #