linkscaffe30.txt

2006-08-30T00:00:00
ID PACKETSTORM:49551
Type packetstorm
Reporter HoangYenXinhDep
Modified 2006-08-30T00:00:00

Description

                                        
                                            `Gonafish.com LinksCaffe 3.0 is free link indexing directory, we found that the file admin1953.php can be accessed directly to get full administration rights without password and username.   
  
Proof of exploit:  
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php  
  
Or the images of mirror  
http://vietnamsecurity.googlepages.com/1.JPG  
http://vietnamsecurity.googlepages.com/2.JPG  
http://vietnamsecurity.googlepages.com/3.JPG  
  
Affected  
LinksCaffe 2.0, 3.0, Pro no test  
  
Fix : Easy to fix, just put checker to the file  
  
HoangYenXinhDep  
Vietnam Security Team  
http://www.vnsecurity.com  
`
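One way to write the check that the Fix line calls for, as an added example that is not part of the original advisory or of LinksCaffe's own code. It assumes PHP 7 or later and a login handler that sets the session values shown; the file name admin_guard.php, the session keys and login.php are hypothetical.

```php
<?php
// admin_guard.php (hypothetical name). Include it as the first statement of
// every script under Admin/, including admin1953.php, before any output:
//     require_once __DIR__ . '/admin_guard.php';
//
// Assumption: after verifying the password, the login handler runs
//     session_regenerate_id(true);
//     $_SESSION['lc_admin'] = true;
//     $_SESSION['lc_last_seen'] = time();
// The key names and login.php are illustrative, not LinksCaffe identifiers.

const LC_ADMIN_FLAG = 'lc_admin';
const LC_LAST_SEEN  = 'lc_last_seen';
const LC_IDLE_LIMIT = 900; // seconds of inactivity before a new login is required

// Pure decision function: true only for a live, authenticated admin session.
function lc_is_admin(array $session, int $now): bool
{
    // Strict comparison: only boolean true counts, not "1" or any other truthy value.
    if (($session[LC_ADMIN_FLAG] ?? false) !== true) {
        return false;
    }
    $last = $session[LC_LAST_SEEN] ?? null;
    return is_int($last) && $last <= $now && ($now - $last) <= LC_IDLE_LIMIT;
}

function lc_require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Keep the session cookie out of reach of page scripts.
        session_start(['cookie_httponly' => true]);
    }
    $now = time();
    if (!lc_is_admin($_SESSION, $now)) {
        $_SESSION = [];                          // drop any stale state
        header('Location: login.php', true, 302);
        exit; // without this, the admin page below the include still runs
    }
    $_SESSION[LC_LAST_SEEN] = $now;              // sliding idle timeout
}

lc_require_admin();
```

The guard has to be included in every file under Admin/, not only admin1953.php, since any script left without it stays directly reachable.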