phpFoX (AllVersion) Login to any Account
#Exploit found by Mx [at] hackmx.net #Login as any user/admin/mod #Action event only once This exploit will allow you to action an event per login, on any account in phpFoX (All Versions). 1> Create an account on phpFox, after activating the account, login. 2> Go to edit your cookies. 3> The domain which has phpFoX installed, find the cookie "NATIO" and the value of this cookie should be the account you just created. 4> Go to edit profile in your own account, or anything in your own account, and then change the value of NATIO to the account you want to edit. 5> Save the cookie, and hit submit to submit the information you are editing. 6> The information on their page will change, but the next time you click something you will be logged out. # www.hackmx.net # Exploit found May 20, 2006 ----------------------------
