Vulnerability Development mailing list archives
Holes in "2037 Gestion Liens Alpha"
From: "Frog Man" <leseulfrog () hotmail com>
Date: Sat, 09 Feb 2002 14:20:42 +0100
The first hole allows to acceder in the admin links menu.For that purpose, it is enough to send a cookie with the name " cliens " and the value " admin_access " on the page www.host.com/links2037filename?fct=admin&idmpdv=Administrez .
The second allows to by-pass the security against crack.Normally, 3 login attempts are allowed. But with the url www.host.com/links2037filename?fct=log&hacker=-1000 , 1003 login attemps are allowed.
2037links has been alerted. More details in french : http://www.bal-team.t2u.com/Tuts/liens2037.txt frog-m@n _________________________________________________________________Téléchargez MSN Explorer gratuitement à l'adresse http://explorer.msn.fr/intl.asp.
Current thread:
- Holes in "2037 Gestion Liens Alpha" Frog Man (Feb 09)