KvGuestbook Remote Add Admin Exploit Feb 11 2007 12:37PM
crazy_king eno7 org
Version : 1.0 Beta

Download : http://www.killervault.com

Files : guestbook.php

Error : function dologin() {
global $mysql, $gbpass, $gburl;
$time = time() + 86400*365;
if($gbpass == $mysql['pass']) {
setcookie('kvgbcookie', $mysql['pass'], $time, '/');
}
header("Location: $gburl");
}

$mysql, $gbpass, $gburl

Mysql & Admin Pass & Admin Name

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus