From: crazy_king_(at)_eno7.org <crazy_king_(at)_eno7.org>
Date: 12.02.2007
Subject: KvGuestbook Remote Add Admin Exploit

Version : 1.0 Beta

Download : http://www.killervault.com

Files : guestbook.php

Error : function dologin() {
       global $mysql, $gbpass, $gburl;
       $time = time() + 86400*365;
       if($gbpass == $mysql['pass']) {
               setcookie('kvgbcookie', $mysql['pass'], $time, '/');
       }
       header("Location: $gburl");
}

$mysql, $gbpass, $gburl

Mysql & Admin Pass & Admin Name
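
A hardened counterpart to the dologin() quoted above, as an added example that is not part of the original post or of KvGuestbook's code. The quoted function takes its values from global variables, compares against the MySQL password with a loose ==, and stores that password in a cookie valid for a year; the sketch below avoids each of those. The file name admin.hash, the constant names and the helper functions are hypothetical.

```php
<?php
// Added example; not KvGuestbook code. All names here are hypothetical.
declare(strict_types=1);

const GB_URL = '/guestbook.php';                  // fixed redirect target (assumed path)
const ADMIN_HASH_FILE = __DIR__ . '/admin.hash';  // output of password_hash(), assumed location

function start_admin_session(): void
{
    // Session cookie expires with the browser, is hidden from scripts,
    // and is only sent over HTTPS ('secure' assumes the site uses TLS).
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

function dologin_hardened(string $submitted): bool
{
    // The guestbook admin password is its own secret, stored only as a hash,
    // so the database password is never compared or sent to the client.
    $hash = @file_get_contents(ADMIN_HASH_FILE);
    if ($hash === false || !password_verify($submitted, trim($hash))) {
        return false;
    }
    session_regenerate_id(true);    // fresh session id after login
    $_SESSION['gb_admin'] = true;   // server-side flag; the cookie holds only the id
    return true;
}

function is_admin(): bool
{
    return ($_SESSION['gb_admin'] ?? false) === true;
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    start_admin_session();
    // Read the password explicitly from the POST body, never from a global.
    $pw = $_POST['gbpass'] ?? '';
    if (is_string($pw)) {
        dologin_hardened($pw);
    }
    header('Location: ' . GB_URL, true, 303);   // constant target, not a variable
    exit;
}
```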
