Results 1 to 6 of 6

Thread: Exploit in Classipress

  1. #1
    Thread Starter
    Veteran annonse's Avatar
    Join Date
    Jun 2011
    Location
    Norway
    Posts
    439
    Thanks
    58
    Thanked 62 Times in 44 Posts

    Exploit in Classipress

    I believe I might have found an expoit in Classipress, or at least it seems like it. I have had problems using the fb integration in the latest version meaning I have to log out of fb if I want to login to cp as admin since I once tried the facebook connect to login to cp. Even if I delete my fb user in cp admin, it recreates itself if I'm logged into fb when I go to cp! That's scary.... Well, regarding the exploit, I was logged as admin into cp, tabbed a new page and logged into fb. then went back to cp (forgot to log out of fb) and wanted to do something in cp admin. Then, cp logged out my admin, and auto logged me as my fb id, but admin page remained - partielly. All WP related liniks went away, but cp related links remained. I was able to browse all cp related items in admin as my fb user which do not have admin right. It didn't seem like I had any admin rights, I could not edit or delete anything and when I tried to add an ad, screen layout was messed up. But I believe normal users is not supposed to be able to be anywhere in the admin backend, right?

  2. #2
    Thread Starter
    Veteran annonse's Avatar
    Join Date
    Jun 2011
    Location
    Norway
    Posts
    439
    Thanks
    58
    Thanked 62 Times in 44 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!

  3. #3
    Thread Starter
    Veteran annonse's Avatar
    Join Date
    Jun 2011
    Location
    Norway
    Posts
    439
    Thanks
    58
    Thanked 62 Times in 44 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!

  4. #4
    Veteran barukar's Avatar
    Join Date
    Sep 2010
    Location
    Brasil, São Paulo, SP
    Posts
    6,785
    Thanks
    186
    Thanked 742 Times in 623 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!
    -------------------------------------------------------------------------------------------
    Projects: ClassiNoiva - Classimóveis - vocênoenem - i50 - Clube DETRAN

  5. #5
    Thread Starter
    Veteran annonse's Avatar
    Join Date
    Jun 2011
    Location
    Norway
    Posts
    439
    Thanks
    58
    Thanked 62 Times in 44 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!

  6. #6
    Veteran barukar's Avatar
    Join Date
    Sep 2010
    Location
    Brasil, São Paulo, SP
    Posts
    6,785
    Thanks
    186
    Thanked 742 Times in 623 Posts
    You must be an AppThemes customer and logged in to view this response. Join today!
    -------------------------------------------------------------------------------------------
    Projects: ClassiNoiva - Classimóveis - vocênoenem - i50 - Clube DETRAN

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Heads up - Security Exploit Found: Upgrade WPTouch, AddThis and W3 Total Cache
    By bluecafe in forum WordPress General Discussion
    Replies: 2
    Last Post: June 28th, 2011, 08:26 AM