lyris.3-4.txt

Versions 3 and 4 of the Lyris List Manager allow any mailing list
subscriber to gain access to the administrative interface of that list.
After a user has logged in, they may modify the generated web page as
follows to gain access:

Save the html to disk, and add the full path to the server into the FORM
tag. This allows it to be submitted when loaded from disk. Next change
the value of

<INPUT TYPE="hidden" NAME="list_admin" VALUE="F">

to a "T". When the page is loaded back in the browser the user has
complete access to all list administrator functions.

Lyris has been notified, and a fix is available at
http://www.lyris.com/lm/lm_updates.html


-Adam

Note: I am not a representative of Lyris
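
The flaw described above is a server taking its authorization decision from a hidden form field that the client controls. As an added example (not Lyris code and not part of the original advisory; the function names, session table and list data are hypothetical and constructed for illustration), here is that flawed check beside one that derives the role from server-side state and flags a mismatched list_admin value for logging:

```python
# Added illustration; not Lyris code. All names and data are hypothetical.

# Constructed sample data: server-side record of who administers each list.
LIST_ADMINS = {"announce": {"owner@example.org"}}
# Constructed sample data: session id -> authenticated member address.
SESSIONS = {"sess-1": "subscriber@example.org", "sess-2": "owner@example.org"}


def is_admin_trusting_form(form):
    """Flawed pattern from the advisory: privilege is read from the
    hidden list_admin field, which the browser sends back unchecked."""
    return form.get("list_admin") == "T"


def is_admin_server_side(session_id, list_name):
    """Hardened pattern: ignore the form and look the role up on the server."""
    member = SESSIONS.get(session_id)
    if member is None:
        return False  # unknown or expired session gets no privileges
    return member in LIST_ADMINS.get(list_name, set())


def handle_admin_request(session_id, list_name, form):
    """Return (allowed, tampered).

    allowed comes only from server-side state. tampered is True when the
    submitted list_admin value claims admin rights the server record does
    not grant, which is a useful signal to log and alert on.
    """
    allowed = is_admin_server_side(session_id, list_name)
    claimed = form.get("list_admin") == "T"
    return allowed, (claimed and not allowed)


if __name__ == "__main__":
    edited_form = {"list_admin": "T"}  # constructed: field value changed client-side
    print("form-trusting check:", is_admin_trusting_form(edited_form))
    print("server-side check:  ", handle_admin_request("sess-1", "announce", edited_form))
```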