The admin1953.php file included in LinksCaffe version 3.0 can be accessed directly, giving an attacker full administrative privileges.
240cbbbde655ba594f56dcfe2c5733dc3ff3c9ab647a203bcf9ad913eb14fa16
Gonafish.com LinksCaffe 3.0 is a free link indexing directory. We found that the file admin1953.php can be accessed directly to get full administration rights without a password or username.
Proof of exploit:
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php
Or see the mirrored images:
http://vietnamsecurity.googlepages.com/1.JPG
http://vietnamsecurity.googlepages.com/2.JPG
http://vietnamsecurity.googlepages.com/3.JPG
Affected:
LinksCaffe 2.0, 3.0; Pro not tested
Fix: Easy to fix, just add an access check to the file
HoangYenXinhDep
Vietnam Security Team
http://www.vnsecurity.com
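
One way to implement the access check the advisory asks for, as an added example that is not LinksCaffe's own code or the advisory author's. It assumes a separate login script sets a session flag after verifying credentials; the file name admin_guard.php, the session key is_admin and the login.php path are hypothetical.

```php
<?php
// admin_guard.php (hypothetical file name). Load it as the first statement of
// admin1953.php and of every other script under Admin/:
//     require_once __DIR__ . '/admin_guard.php';
//
// Assumption: a separate login script sets $_SESSION['is_admin'] = true only
// after it has verified the administrator's username and password.

function require_admin(string $loginUrl = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Keep the session cookie away from page scripts and cross-site
        // requests, and mark it secure when the site is served over HTTPS.
        session_set_cookie_params([
            'httponly' => true,
            'samesite' => 'Strict',
            'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        ]);
        session_start();
    }

    // Strict comparison: only a flag set to boolean true by the login script
    // passes. A missing key or any other value is treated as unauthenticated.
    if (($_SESSION['is_admin'] ?? false) !== true) {
        header('Location: ' . $loginUrl, true, 302);
        // Stop here. Without exit, the rest of the admin page would still
        // execute and its output would be sent along with the redirect.
        exit;
    }
}

// Enforce the check as soon as the guard is included, before any admin logic
// or output in the including script can run.
require_admin();
```

The guard only helps if every script in the Admin directory includes it; a web-server rule that requires authentication for the whole directory covers files that are missed.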