KvGuestbook Remote Add Admin Exploit

Published: 2007.02.17
Credit: crazy_king
Risk: Medium

CWE: N/A
CVE: CVE-2007-0926
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Version : 1.0 Beta

Download : http://www.killervault.com

Files : guestbook.php

Error : the login routine in guestbook.php

    <?php
    function dologin() {
        // All three values are taken from the global scope
        global $mysql, $gbpass, $gburl;
        $time = time() + 86400*365;   // cookie lifetime: one year
        // The admin password variable is compared with the MySQL password ...
        if($gbpass == $mysql['pass']) {
            // ... and on a match the MySQL password itself is written into the admin cookie
            setcookie('kvgbcookie', $mysql['pass'], $time, '/');
        }
        header("Location: $gburl");
    }

Globals involved: $mysql, $gbpass, $gburl

These hold the MySQL settings, the admin password and the admin name respectively.
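As an added example (not part of this advisory nor of KvGuestbook), a hardened replacement for dologin(): it reads the submitted password from $_POST explicitly instead of trusting globals, checks it against a stored password hash with password_verify(), and records an authorization flag in the server-side session rather than writing the database password into a cookie. ADMIN_PASSWORD_HASH, dologin_hardened(), is_admin() and the session keys are assumptions.

```php
<?php
// Added example, not KvGuestbook's code. Assumption: the admin password is
// stored as a password_hash() value, separate from the MySQL credentials.
// Placeholder below: password_verify() fails closed on it until replaced.
define('ADMIN_PASSWORD_HASH', '$2y$10$REPLACE_WITH_OUTPUT_OF_password_hash');

function dologin_hardened(string $redirect_url): void {
    session_start();

    // Read the credential from the request explicitly; request input can
    // no longer overwrite configuration variables as it could via globals.
    $submitted = $_POST['gbpass'] ?? '';

    // Salted hash comparison in constant time; the plaintext password is
    // never compared against a value the client can influence.
    if (!is_string($submitted) || !password_verify($submitted, ADMIN_PASSWORD_HASH)) {
        http_response_code(403);
        exit('Login failed');
    }

    // Rotate the session id on privilege change and store only a flag.
    // No secret, and certainly not the database password, goes into a cookie.
    session_regenerate_id(true);
    $_SESSION['kvgb_admin'] = true;
    $_SESSION['kvgb_login_time'] = time();

    // Only follow same-origin paths (reject "//host" and absolute URLs)
    // so the redirect target cannot be abused as an open redirect.
    if (!preg_match('#^/[^/\\\\]#', $redirect_url)) {
        $redirect_url = '/';
    }
    header('Location: ' . $redirect_url);
    exit;
}

// Admin pages check the session flag instead of a cookie holding a password.
function is_admin(): bool {
    return !empty($_SESSION['kvgb_admin']);
}
```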

Copyright 2014, cxsecurity.com