BugTraq
LinksCaffe no checker at admin Aug 29 2006 04:57AM
hoangyenxinhdep yahoo com
Gonafish.com LinksCaffe 3.0 is a free link indexing directory. We found that the file admin1953.php can be accessed directly to get full administration rights without a password or username.

Proof of exploit:

http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php

Or the mirrored images:

http://vietnamsecurity.googlepages.com/1.JPG

http://vietnamsecurity.googlepages.com/2.JPG

http://vietnamsecurity.googlepages.com/3.JPG

Affected

LinksCaffe 2.0, 3.0 (Pro not tested)

Fix: Easy to fix, just add a check to the file

HoangYenXinhDep

Vietnam Security Team

http://www.vnsecurity.com
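
One way to add the missing check the advisory asks for, shown as an added example (not LinksCaffe's own code and not part of the original post): a guard file included at the very top of each script under Admin/. The file name auth_guard.php, the session keys, and login.php are hypothetical, and the code assumes PHP 7.3 or later.

```php
<?php
// auth_guard.php (hypothetical name): include as the FIRST statement of every
// admin script, e.g. at the top of Admin/admin1953.php:
//     require_once __DIR__ . '/auth_guard.php';
// Assumption: a separate login page sets $_SESSION['admin_user'] only after
// it has verified the stored hash with password_verify().

declare(strict_types=1);

const ADMIN_IDLE_TIMEOUT = 900; // seconds of inactivity before re-login

function require_admin_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Array form of session_set_cookie_params() needs PHP 7.3+.
        session_set_cookie_params([
            'httponly' => true,
            'secure'   => !empty($_SERVER['HTTPS']),
            'samesite' => 'Strict',
        ]);
        session_start();
    }

    $user    = $_SESSION['admin_user'] ?? null;      // hypothetical key
    $last    = (int) ($_SESSION['admin_last_seen'] ?? 0);
    $expired = (time() - $last) > ADMIN_IDLE_TIMEOUT;

    if (!is_string($user) || $user === '' || $expired) {
        // Drop stale state, then refuse. The exit is essential: without it
        // the rest of the admin script still runs after the redirect header.
        $_SESSION = [];
        session_destroy();
        header('Location: login.php', true, 302);    // hypothetical login page
        exit;
    }

    // Valid session: refresh the idle timer and let the admin script continue.
    $_SESSION['admin_last_seen'] = time();
}

require_admin_session();
```

The guard has to be included by every script under Admin/, because each file is reachable by URL on its own.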
