Thursday, November 10, 2016
[FD] e107 CMS <= 2.1.2 Privilege Escalation
# Exploit Title: e107 CMS 2.1.2 Privilege Escalation # Date: 09-11-2016 # Software Link: http://e107.org/ # Exploit Author: Kacper Szurek # Contact: http://twitter.com/KacperSzurek # Website: http://security.szurek.pl/ # Category: webapps 1. Description Datas from `$_POST['updated_data']` inside `usersettings.php` are not properly validated so we can set `user_admin`. http://security.szurek.pl/e107-cms-211-privilege-escalation.html 2. Proof of Concept
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment