Dream Gallery 2.0 - Admin Panel Authentication Bypass

EDB-ID:

39934

CVE:

N/A

EDB Verified:

Author:

Ali BawazeEer

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2016-06-13

Vulnerable App: 
<!--
# Exploit Title:  Dream Gallery 2.0 - Admin panel Authentication bypass
# Date: 13th June 2016
# Exploit Author: Ali BawazeEer
# Vendor Homepage: http://phpstaff.com.br/
# Version: 2.0

--!>


=======================================================================================================

Dream Gallery 2.0 Admin panel Authentication bypass 

Description : An Attackers are able to completely compromise the web application built upon
Dream Gallery as they can gain access to the admin panel and 
manage the website as an admin without prior authentication!


Step 1: Create a rule in No-Redirect Add-on: ^http://example.com/path/admin/login.php
Step 2: Access http://example.com/path/admin/index.php


Risk : Unauthenticated attackers are able to gain full access to the administrator panel
and thus have total control over the web application, including content change,add admin user .. etc

=======================================================================================================
potential fix 


<?php 
session_start(); 
if (!isset($_SESSION["auth"])) {         
exit(header('Location: admin/login.php')); 
} 

?>


[+] Exploit by: Ali BawazeEer
[+] Twitter:@AlibawazeEer
[+] Linkedin : https://www.linkedin.com/in/AliBawazeEer
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services