klout.com cookie vulnerability – full disclosure – Proof of concept

5 04 2010

Today, I have discovered a vulnerability within klout.com.
This bug allows you to update other people’s stats, change their password, or their email.

The vulnerability is situated in the cookies.

To achieve the desired result, you must edit your cookies (through, for example, the firecookie plug-in for the firebug add-on for firefox)
Read the rest of this entry »

Advertisements