Py-Membres 4.x Secure.PHP Unauthorized Access Vulnerability

2003-08-26T00:00:00
ID EDB-ID:23060
Type exploitdb
Reporter frog
Modified 2003-08-26T00:00:00

Description

Py-Membres 4.x Secure.PHP Unauthorized Access Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/8499/info

A vulnerability has been reported for Py-Membres that allows remote attackers to obtain administrative privileges on vulnerable installations.

Reportedly, Py-Membres does not fully check some URI parameters. Thus it is possible for an attacker to manipulate URI parameters and log into the system as an administrative user without the need for passwords.

http://www.example.com/admin/admin.php?adminpy=1