JBrowser 1.0/2.x Unauthorized Admin Access Vulnerability

2004-01-30T00:00:00
ID EDB-ID:23628
Type exploitdb
Reporter Himeur Nourredine
Modified 2004-01-30T00:00:00

Description

JBrowser 1.0/2.x Unauthorized Admin Access Vulnerability. CVE-2007-1156. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/9537/info

Due to a lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the web server root directory. There may also be other consequences associated with this vulnerability. 

http://www.example.org/_admin/
http://www.example.org/_admin/list_all.php?folder=../
http://www.example.org/_admin/upload.php