[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration
From: Mark Litchfield <mark@xxxxxxxxxxxxxx>
Date: Mon, 03 Feb 2014 14:58:15 -0800

As previously stated, I would post an update for Ektron CMS bypassingthe security fix.

A full step by step with the usual screen shots can be found at -http://www.securatary.com/vulnerabilities

In this example, we use www.paypal-forward.com as a demonstration site.I would like to say that PayPal fixed this issue with their ownworkaround extremely quickly. Excellent work by their security / dev team.


All the best

Mark Litchfield
www.securatary.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Various Vulnerabilities - SiteCore CMS / Mura CMS / Ektron CMS / SmarterMail / Yahoo / Paypal
Next by Date: [Full-disclosure] [CVE-2014-1836] Arbitrary file deletion in ImpressCMS < 1.3.6 and two XSS issues
Previous by thread: [Full-disclosure] Various Vulnerabilities - SiteCore CMS / Mura CMS / Ektron CMS / SmarterMail / Yahoo / Paypal
Next by thread: [Full-disclosure] [CVE-2014-1836] Arbitrary file deletion in ImpressCMS < 1.3.6 and two XSS issues
Index(es):
- Date
- Thread