LinksCaffe no checker at admin
Gonafish.com LinksCaffe 3.0 is free link indexing directory, we found that the
file admin1953.php can be accessed directly to get full administration rights
without password and username.
Proof of exploit:
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php
Or the images of mirror
http://vietnamsecurity.googlepages.com/1.JPG
http://vietnamsecurity.googlepages.com/2.JPG
http://vietnamsecurity.googlepages.com/3.JPG
Affected
LinksCaffe 2.0, 3.0, Pro no test
Fix : Easy to fix, just put checker to the file
HoangYenXinhDep
Vietnam Security Team
http://www.vnsecurity.com