Bugtraq mailing list archives

Wiki Remote Authentication Bypass Vulnerability

From: DoZ () HackersCenter com
Date: 12 Mar 2007 02:55:02 -0000

Wiki Remote Authentication Bypass Vulnerability



The Exploit Works 100 % of the time. It really is up to the admin to add security
like locking a page to prevent editing. There are Two ways of having this Exploit
work. One is simply add the code (example 1) after the Page you wanna test or if that dosent work, add Code (example 2) 
and Exploit code after the new pages Name! Anyone using any type of Wiki project is vulnerable. Successfully exploiting 
this issue allows remote attackers to gain remote administrative access to the vulnerable sites Pages. Attackers can 
use a browser to exploit this issue.


Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz



Class: Access Validation Error

Remote: Yes



Vendor: http://www.wiki.org/
Version: N/A



Exploit: ?action=edit

Example 1: http://www.Site.com/wiki/Main_Page?action=edit

Example 2: http://www.Site.com/wiki/Hacked?action=edit



Proff of Concept: (Concealed)



Security researcher? Join us: mail Zinho at zinho at hackerscenter.com

Current thread:

Wiki Remote Authentication Bypass Vulnerability DoZ (Mar 12)
- Re: Wiki Remote Authentication Bypass Vulnerability Matt D. Harris (Mar 12)