Latest YouTube Video

Thursday, November 10, 2016

[FD] e107 CMS <= 2.1.2 Privilege Escalation

# Exploit Title: e107 CMS 2.1.2 Privilege Escalation # Date: 09-11-2016 # Software Link: http://e107.org/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # Category: webapps 1. Description Datas from `$_POST['updated_data']` inside `usersettings.php` are not properly validated so we can set `user_admin`. http://security.szurek.pl/e107-cms-211-privilege-escalation.html 2. Proof of Concept

No comments: