Bugtraq mailing list archives

LinksCaffe no checker at admin


From: hoangyenxinhdep () yahoo com
Date: 29 Aug 2006 04:57:09 -0000

Gonafish.com LinksCaffe 3.0 is a free link indexing directory. We found that the file admin1953.php can be accessed directly to get full administration rights without a password and username.

Proof of exploit:
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php

Or the mirrored images:
http://vietnamsecurity.googlepages.com/1.JPG
http://vietnamsecurity.googlepages.com/2.JPG
http://vietnamsecurity.googlepages.com/3.JPG

Affected:
LinksCaffe 2.0, 3.0; Pro not tested

Fix: Easy to fix, just add a check to the file.

HoangYenXinhDep
Vietnam Security Team
http://www.vnsecurity.com
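
The kind of check the advisory's fix calls for, as an added example (not LinksCaffe's code and not part of the original post). The file name auth_check.php, the login page name and the session keys is_admin and last_seen are assumptions; the login script is assumed to set them only after verifying the password.

```php
<?php
// auth_check.php -- hypothetical guard file (added example, not LinksCaffe code).
// Include it as the FIRST statement of every script under Admin/, e.g.
//   require_once __DIR__ . '/auth_check.php';
declare(strict_types=1);

const LOGIN_PAGE = 'login.php';   // assumed name of the login script
const IDLE_LIMIT = 900;           // seconds of inactivity before re-login

// Pure decision function: is this session an authenticated, non-expired admin?
function is_admin_session(array $session, int $now): bool
{
    // Strict comparison: a missing key, "1" or any other value is rejected.
    if (($session['is_admin'] ?? false) !== true) {
        return false;
    }
    // Expire idle sessions so an abandoned browser cannot be reused.
    $last = $session['last_seen'] ?? 0;
    return is_int($last) && ($now - $last) <= IDLE_LIMIT;
}

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Keep the session cookie away from page scripts and cross-site requests.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
    if (!is_admin_session($_SESSION, time())) {
        $_SESSION = [];
        header('Location: ' . LOGIN_PAGE, true, 302);
        // Stop here: without exit the rest of the admin page would still
        // execute and be sent to the client after the redirect header.
        exit;
    }
    $_SESSION['last_seen'] = time();
}

// Runs on include, so a direct request to the admin script is checked
// before any administrative code is reached.
require_admin();
```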

