Computer Security

Security Advisory: Adult Script Unauthorized Administrative Access Exploit
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Information disclosure vulnerabilities in WordPress

  Anon Proxy Server - Remote Code Execution

  Wordpress - Broken Access Control

  PHP RPG - Sql Injection and Session Information Disclosure.

From:admin_(at)_biyofrm.com <admin_(at)_biyofrm.com>
Date:16.12.2007
Subject:Adult Script Unauthorized Administrative Access Exploit

Adult Script Unauthorized Administrative Access Exploit

Exploit Coded By Liz0ziM From BiyoSecurityTeam
Greetz My all friend and BiyoSecurityTeam User..
Software site: http://www.adultscript.net/
Demo: http://www.adultscript.net/demo/
Vulnerable code in admin/administrator.php near lines 5-8

( ($_SESSION['adminid']=="") && ($_SESSION['admintype'] !=1))
{
header("Location: logout.php"); // Bypass Me
}


Dork:
inurl:submit-user-link.html
inurl:video-listing-cat
inurl:hosted-videos
inurlorn-listing-cat
"Powered By AdultScript.NET"
"Copyright 2007 [IAG].AdultScript.v1.5.Nulled"

EXPLOİT URL : www.r57.li/adult.php
EXPLOİT TXT : www.r57.li/adult.txt
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru