Gonafish.com LinksCaffe 3.0 | 31/08/2006 02:53:02 (+0700) | #1 | 19314
H0angY3nXinhdep
Gonafish.com LinksCaffe 3.0 is a free link indexing directory. We found that the file admin1953.php can be accessed directly to get full administration rights without a password and username.

Proof of exploit:

http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php

Or the mirror images:

http://vietnamsecurity.googlepages.com/1.JPG

http://vietnamsecurity.googlepages.com/2.JPG

http://vietnamsecurity.googlepages.com/3.JPG

Affected

LinksCaffe 2.0, 3.0; Pro not tested

Fix: Easy to fix, just put a check in the file

http://www.securityfocus.com/archive/1/444636/30/0/threaded
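
One way to add the missing check the post refers to, as an added example that is not part of the original post or of LinksCaffe's code: a session guard that every script under Admin/ calls before producing any output. The file name auth_guard.php, the login.php page and all function names are assumptions.

```php
<?php
// auth_guard.php - hypothetical include for admin scripts (not LinksCaffe code).
// Assumption: a separate login.php checks the password with password_verify()
// and then calls admin_login(). Usage at the very top of each Admin/ script:
//     require __DIR__ . '/auth_guard.php';
//     require_admin();
declare(strict_types=1);

function admin_session_start(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,     // cookie not readable from JavaScript
            'cookie_samesite' => 'Strict', // not sent on cross-site requests
            'use_strict_mode' => true,     // reject session ids the server did not issue
        ]);
    }
}

// Called by the (assumed) login page after the password has been verified.
function admin_login(string $username): void
{
    admin_session_start();
    session_regenerate_id(true);           // new session id on privilege change
    $_SESSION['admin_user']  = $username;
    $_SESSION['admin_since'] = time();
}

// True only for a logged-in session younger than $maxAge seconds.
function admin_is_authenticated(int $maxAge = 1800): bool
{
    admin_session_start();
    return isset($_SESSION['admin_user'], $_SESSION['admin_since'])
        && (time() - $_SESSION['admin_since']) < $maxAge;
}

// Stops the request unless the caller holds a valid admin session, so a
// direct request to the script URL no longer reaches the admin code.
function require_admin(): void
{
    if (!admin_is_authenticated()) {
        header('Location: login.php', true, 302);
        exit;                              // nothing below this line runs
    }
}
```

The guard has to be called in every admin script, including ones that are only reached through links from other admin pages, since each file is reachable by its own URL.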