Bugtraq mailing list archives
LinksCaffe no checker at admin
From: hoangyenxinhdep () yahoo com
Date: 29 Aug 2006 04:57:09 -0000
Gonafish.com LinksCaffe 3.0 is free link indexing directory, we found that the file admin1953.php can be accessed directly to get full administration rights without password and username. Proof of exploit: http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php Or the images of mirror http://vietnamsecurity.googlepages.com/1.JPG http://vietnamsecurity.googlepages.com/2.JPG http://vietnamsecurity.googlepages.com/3.JPG Affected LinksCaffe 2.0, 3.0, Pro no test Fix : Easy to fix, just put checker to the file HoangYenXinhDep Vietnam Security Team http://www.vnsecurity.com
Current thread:
- LinksCaffe no checker at admin hoangyenxinhdep (Aug 29)