Vulnerability Development mailing list archives

Holes in "2037 Gestion Liens Alpha"


From: "Frog Man" <leseulfrog () hotmail com>
Date: Sat, 09 Feb 2002 14:20:42 +0100

The first hole allows access to the admin links menu.
For that purpose, it is enough to send a cookie with the name " cliens " and the value " admin_access " on the page www.host.com/links2037filename?fct=admin&idmpdv=Administrez .

The second allows bypassing the security against cracking.
Normally, 3 login attempts are allowed. But with the URL www.host.com/links2037filename?fct=log&hacker=-1000 , 1003 login attempts are allowed.

2037links has been alerted.
More details in French:
http://www.bal-team.t2u.com/Tuts/liens2037.txt

frog-m@n
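
An added illustration, not part of the original post and not the application's code: a Python sketch of the two flawed patterns the message describes, next to server-side checks that close them. It assumes the admin check trusted the `cliens` cookie value and that the attempt counter was read from the `hacker` query parameter; every function and variable name is hypothetical.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3  # limit stated in the post

# Server-side state (in memory here; a real app would use a session store).
_sessions = {}  # session token -> {"admin": bool}
_failed = {}    # client key (e.g. source address) -> failed login count


def is_admin_vulnerable(cookies):
    # Assumed flawed pattern: the cookie value itself is the authorization.
    return cookies.get("cliens") == "admin_access"


def attempts_left_vulnerable(query):
    # Assumed flawed pattern: the used-attempts counter comes from the request.
    used = int(query.get("hacker", 0))
    return MAX_ATTEMPTS - used


def login(client_key, password, real_password):
    """Return a random session token on success, None otherwise."""
    if _failed.get(client_key, 0) >= MAX_ATTEMPTS:
        return None  # locked out; the counter never leaves the server
    # Plaintext comparison keeps the sketch short; a real app verifies a hash.
    if not hmac.compare_digest(password.encode(), real_password.encode()):
        _failed[client_key] = _failed.get(client_key, 0) + 1
        return None
    _failed.pop(client_key, None)
    token = secrets.token_urlsafe(32)
    _sessions[token] = {"admin": True}
    return token


def is_admin(cookies):
    # The cookie carries only an unguessable token; privilege is looked up
    # in server-side state, so a fixed, known value grants nothing.
    session = _sessions.get(cookies.get("cliens", ""))
    return bool(session and session["admin"])
```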




