Privilege escalation
Status: Beta
Brought to you by: zeph1ro
If someone has a non-admin account for the web file manager (intended only to view uploaded documents), they can create a new admin user by calling the create function of the user administration directly, e.g. http://hostip/?&to=admin&action=create&username=NewAdminUser&password=NewPassword&admin=on
After that the attacker can log in as the created user NewAdminUser with the password NewPassword and has admin privileges.
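The root cause described in the ticket is a missing server-side authorization check on the user-administration create action. The following is an added example, not the file manager's own code: a minimal model of that handler in its vulnerable form beside a fixed form that enforces the caller's role before creating a user. All names (Session, UserStore, create_vulnerable, create_fixed) are hypothetical.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit


@dataclass
class Session:
    """Server-side session of the logged-in caller (hypothetical model)."""
    username: str
    is_admin: bool


@dataclass
class UserStore:
    """username -> {"password": ..., "admin": bool}"""
    users: dict = field(default_factory=dict)


class Forbidden(Exception):
    """Raised when a non-admin caller reaches an admin-only action."""


def parse_action(url: str) -> dict:
    """Flatten the query string of a request URL like the one in the ticket."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def _is_create(params: dict) -> bool:
    return params.get("to") == "admin" and params.get("action") == "create"


def create_vulnerable(store: UserStore, session: Session, params: dict) -> bool:
    """Vulnerable: trusts that only admins ever reach this action, so any
    authenticated user can create a user, including one with admin=on."""
    if not _is_create(params):
        return False
    store.users[params["username"]] = {
        "password": params["password"],
        "admin": params.get("admin") == "on",
    }
    return True


def create_fixed(store: UserStore, session: Session, params: dict) -> bool:
    """Fixed: check the caller's role from the session, never from the request,
    before touching the user table."""
    if not _is_create(params):
        return False
    if not session.is_admin:
        raise Forbidden(f"{session.username} is not allowed to create users")
    return create_vulnerable(store, session, params)
```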