• Everybody using the Gigya Socialize plugin on WordPress 2.9.1 can be exploited. Users are logged in as admin if they are using the Twitter connect feature of Gigya on wp-login.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi Kanem,

    Can you please send me the URL where this had happened to you or write steps I can follow in order to reproduce this situation?

    I logged into 5 different sites using Twitter and I didn’t have admin access in any of them.

    Thank you,
    Miri Oliel
    -Gigya

    Franco Frenette

    (@francofrenette)

    I came across this too. If the Twitter email is the same as the admin email, I believe, it logs you in as the admin. It happened to me. I was logged out of the admin, used Twitter to log in, and it brought me straight into the admin area, logged in as the administrator with all the admin options. Email me if you want; I can demonstrate it so you can fix it.

  • The topic ‘Gigya Socialize – ADMIN EXPLOIT’ is closed to new replies.
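
The second reply suggests the login is resolved by matching the social account's email against a local account's email. The thread does not show the plugin's code, so the following is an added, constructed model of that pattern next to a binding-based alternative, not Gigya's or WordPress's code; the `User` type, the function names and the sample accounts are all assumptions made for illustration.

```python
# Constructed model of social-login account resolution (not the plugin's code).
from dataclasses import dataclass, field


@dataclass
class User:
    login: str
    email: str
    role: str  # "administrator" or "subscriber"
    # (provider, provider_uid) pairs the user linked from an authenticated session
    linked: set = field(default_factory=set)


# Constructed sample accounts.
USERS = [
    User("admin", "owner@example.com", "administrator"),
    User("alice", "alice@example.com", "subscriber", {("twitter", "1001")}),
]


def resolve_by_email(provider, uid, email):
    """Weak: a matching email alone is treated as proof of identity."""
    for user in USERS:
        if user.email.lower() == email.lower():
            return user
    return None


def link_account(user, provider, uid):
    """Call only from a session already authenticated with the local password."""
    user.linked.add((provider, uid))


def resolve_by_binding(provider, uid, email):
    """Hardened: only an explicit (provider, uid) binding identifies a user.

    The email reported by the provider is ignored for authentication. A None
    result means the caller must create a new low-privilege account or ask
    for the local password before linking; it never signs in an existing
    account on an email match.
    """
    for user in USERS:
        if (provider, uid) in user.linked:
            return user
    return None
```

With the weak resolver, an unlinked social identity that reports `owner@example.com` resolves to the administrator; with the binding-based resolver the same input resolves to nothing until the administrator links it from an authenticated session.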