mAlbum v0.3 admin by default user/pass

2007.02.22
Credit: sn0oPy
Risk: High
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

* mAlbum v0.3 admin by default user/pass
* By : sn0oPy
* Risk : high
* Exploit : at http://www.target.ma/malbum/index.php (when private images)
  Login : login
  Password : pass
  After login, you can create a new admin account, delete it, ...
* Dork : inurl:"malbum/"
* Default user/pass present here : ...malbum/photos/users.php

    <?php
    // Account tables as shipped with mAlbum v0.3: one sample user and a
    // default admin ('login' / 'pass') that is identical on every install.
    $users = $admins = array();
    $users['dqsfg'] = array('PASSWORD' => 'sdfg');
    $admins['login'] = array(
        'PASSWORD' => 'pass',   // plaintext password
        'DELETE_PHOTO',         // the remaining entries are privilege flags
        'COMMENT_PHOTO',
        'COMMENT_ALBUM',
        'MANAGE_USER',
        'MANAGE_ADMIN',
    );
    ?>

* Contact : sn0oPy (at) avenir-geopolitique (dot) net [email concealed]
* Greetz : [subzero], http://forums.avenir-geopolitique.net.
* Reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2677
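Defensive audit check, added here as an example; it is not part of the advisory and not mAlbum's own code. It parses a users.php in the two-table layout the advisory quotes and flags the default admin account ('login' / 'pass') and any account whose password is stored in plaintext rather than as a password_hash() string. The file path (photos/users.php under the mAlbum install) and the file layout are assumptions taken from the advisory; the sample file contents are constructed.

```python
import re

# Constructed sample of a users.php in the layout the advisory shows
# (not copied from a real install; the default admin entry matches the advisory).
SAMPLE_USERS_PHP = """<?php
$users = $admins = array();
$users['dqsfg'] = array('PASSWORD' => 'sdfg');
$admins['login'] = array(
    'PASSWORD' => 'pass',
    'DELETE_PHOTO',
    'COMMENT_PHOTO',
    'COMMENT_ALBUM',
    'MANAGE_USER',
    'MANAGE_ADMIN',
);
?>
"""

# Default admin credential pair reported in the advisory.
DEFAULT_ADMIN = ("login", "pass")

# Matches one account entry: $users['name'] = array(...); or $admins['name'] = array(...);
ENTRY_RE = re.compile(
    r"\$(?P<table>users|admins)\['(?P<name>[^']+)'\]\s*=\s*array\((?P<body>.*?)\);",
    re.S,
)


def parse_accounts(php_source):
    """Return a list of {table, name, password, privileges} dicts.

    Simplified parser for the file layout in the advisory: array items are
    comma-separated, a 'PASSWORD' => 'value' pair carries the password, and
    bare 'STRING' items are privilege flags. Values containing commas or
    escaped quotes are not handled (this is an audit aid, not a PHP parser).
    """
    accounts = []
    for m in ENTRY_RE.finditer(php_source):
        password = None
        privileges = []
        for item in m.group("body").split(","):
            item = item.strip()
            if not item:
                continue  # trailing comma before ')'
            if "=>" in item:
                key, value = (part.strip().strip("'\"") for part in item.split("=>", 1))
                if key == "PASSWORD":
                    password = value
            else:
                privileges.append(item.strip("'\""))
        accounts.append({
            "table": m.group("table"),
            "name": m.group("name"),
            "password": password,
            "privileges": privileges,
        })
    return accounts


def looks_hashed(password):
    """Heuristic: PHP password_hash() output starts with a bcrypt or argon2 prefix."""
    return password.startswith(("$2y$", "$2a$", "$2b$", "$argon2"))


def audit(accounts):
    """Return human-readable findings for the two conditions the advisory describes."""
    findings = []
    for acct in accounts:
        label = f"{acct['table'][:-1]} '{acct['name']}'"
        if acct["table"] == "admins" and (acct["name"], acct["password"]) == DEFAULT_ADMIN:
            findings.append(f"{label}: default admin credentials from mAlbum v0.3 still present")
        if acct["password"] is not None and not looks_hashed(acct["password"]):
            findings.append(f"{label}: password stored in plaintext")
    return findings


def audit_file(path):
    """Audit a users.php on disk (assumed location: <mAlbum root>/photos/users.php)."""
    with open(path, encoding="utf-8") as fh:
        return audit(parse_accounts(fh.read()))


if __name__ == "__main__":
    for finding in audit(parse_accounts(SAMPLE_USERS_PHP)):
        print("FINDING:", finding)
```

Run against the constructed sample it reports the plaintext user password, the default admin account and the default admin's plaintext password; a file whose admin entries carry password_hash() strings and no 'login' / 'pass' pair produces no findings. The prefix check is only a heuristic for "this was hashed", not a proof of hash strength.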


Copyright 2017, cxsecurity.com