
LinksCaffe: no access check on admin page



Gonafish.com LinksCaffe 3.0 is a free link indexing directory. We found that the 
file admin1953.php can be accessed directly, giving full administration rights 
without a username or password. 

Proof of exploit:
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php

Or see the mirrored images:
http://vietnamsecurity.googlepages.com/1.JPG
http://vietnamsecurity.googlepages.com/2.JPG
http://vietnamsecurity.googlepages.com/3.JPG

Affected:
LinksCaffe 2.0, 3.0; Pro not tested

Fix: Easy to fix, just add a check to the file.

HoangYenXinhDep
Vietnam Security Team
http://www.vnsecurity.com
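
The check the advisory asks for, sketched as an added example (not LinksCaffe's own code and not part of the original post): a guard that every script under Admin/ includes before doing anything else. The file name auth_check.php, the session keys is_admin and last_seen, and the idle limit are assumptions; the application's real login code would have to set those keys.

```php
<?php
// auth_check.php (hypothetical file name): include this first in every
// script under Admin/, admin1953.php included, before any output is sent.
declare(strict_types=1);

// Assumption: the application's login page sets these session keys only
// after it has verified the administrator's username and password.
const ADMIN_FLAG_KEY = 'is_admin';
const ADMIN_IDLE_LIMIT = 900; // seconds of inactivity before re-login

function admin_session_is_valid(array $session, int $now): bool
{
    // Deny by default: a missing key, wrong type or stale session all fail.
    if (($session[ADMIN_FLAG_KEY] ?? false) !== true) {
        return false;
    }
    $lastSeen = $session['last_seen'] ?? 0;
    return is_int($lastSeen) && ($now - $lastSeen) <= ADMIN_IDLE_LIMIT;
}

function require_admin(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
        session_start();
    }
    if (!admin_session_is_valid($_SESSION, time())) {
        // Stop here: without exit the rest of the admin script would still
        // run and only the status line would change.
        http_response_code(403);
        header('Content-Type: text/plain; charset=utf-8');
        echo "Forbidden: administrator login required.\n";
        exit;
    }
    $_SESSION['last_seen'] = time();
}

require_admin();
```

Each admin script would pull this in with `require_once __DIR__ . '/auth_check.php';` as its first statement, so a direct request to the file is rejected the same way as any other unauthenticated request.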