| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0712070221520.32603@forced.attrition.org>
Date: Fri, 7 Dec 2007 02:23:35 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: ilkerkandemir@...et.com
Cc: bugtraq@...urityfocus.com
Subject: Re: BellaBiblio Admin Login Bypass
: BellaBiblio Admin Login Bypass
:
: SCRIPT: BellaBiblio
:
: DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBiblio.zip
:
: AUTHOR: ilker kandemir <ilkerkandemir[at]mynet.com>
:
: Bug in;(admin.php)
: if (isset($_COOKIE['bellabiblio'])) {
: if ($_COOKIE['bellabiblio'] == md5($admin_name.$admin_pass.$secret)) {
: if (isset($_GET['ap'])) $page = $_GET['ap']; else $page = "";
:
: EXPLOIT:
:
: Set your cookie: bellabiblio=administrator http:/site.com/admin.php
: And you have full admin access
As discussed on VIM, this and several of your other postings are all
incorrect or have caveats for them to work.
http://attrition.org/pipermail/vim/2007-July/001733.html
http://attrition.org/pipermail/vim/2007-July/001736.html
http://attrition.org/pipermail/vim/2007-July/001745.html
Regarding your phpWebFileManager posting, also false:
http://attrition.org/pipermail/vim/2007-July/001744.html
Powered by blists - more mailing lists