Computer Security
securityvulns.ru
From: hoangyenxinhdep_(at)_yahoo.com <hoangyenxinhdep_(at)_yahoo.com>
Date: 30.08.2006
Subject: LinksCaffe no checker at admin

Gonafish.com LinksCaffe 3.0 is a free link indexing directory. We found that the file admin1953.php can
be accessed directly to get full administration rights without a password and username.

Proof of exploit:
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php

Or the images of mirror
http://vietnamsecurity.googlepages.com/1.JPG
http://vietnamsecurity.googlepages.com/2.JPG
http://vietnamsecurity.googlepages.com/3.JPG

Affected:
LinksCaffe 2.0, 3.0; Pro not tested

Fix: Easy to fix, just put a checker in the file

HoangYenXinhDep
Vietnam Security Team
http://www.vnsecurity.com
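
One shape the "checker" named in the fix could take, as an added example that is not part of the original advisory and not LinksCaffe's own code. The file name `admin_guard.php`, the session keys `is_admin` and `last_seen`, the idle limit, and the existence of a separate login script that sets those keys are all assumptions; it targets PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// admin_guard.php -- hypothetical file name. Require it as the FIRST statement
// of every script under Admin/, admin1953.php included:
//     require_once __DIR__ . '/admin_guard.php';
// Assumption: a separate login script sets $_SESSION['is_admin'] = true and
// $_SESSION['last_seen'] = time() only after verifying username and password.

const ADMIN_IDLE_LIMIT = 900; // seconds of inactivity allowed (constructed value)

// Pure decision function: true only for a logged-in admin seen recently.
function admin_session_is_valid(array $session, int $now): bool
{
    if (($session['is_admin'] ?? false) !== true) {
        return false; // never logged in, or flag has the wrong type
    }
    $lastSeen = $session['last_seen'] ?? 0;
    return is_int($lastSeen) && ($now - $lastSeen) <= ADMIN_IDLE_LIMIT;
}

// Fails closed: any request without a valid admin session stops here,
// before the including script can run a single admin action.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,     // keep the cookie away from scripts
            'cookie_samesite' => 'Strict', // do not send it on cross-site requests
            'use_strict_mode' => true,     // reject session IDs the server did not issue
        ]);
    }
    if (!admin_session_is_valid($_SESSION, time())) {
        $_SESSION = [];                    // drop any stale or partial state
        http_response_code(403);
        header('Cache-Control: no-store');
        exit('Forbidden');
    }
    $_SESSION['last_seen'] = time();       // sliding idle timeout
}

require_admin();
```

Because the guard runs at include time and exits on failure, a script that requires it cannot be reached by requesting its URL directly, which is the condition the advisory reports for admin1953.php.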
