KvGuestbook Remote Add Admin Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: KvGuestbook Remote Add Admin Exploit
From: crazy_king@xxxxxxxx
Date: 11 Feb 2007 12:37:26 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Version : 1.0 Beta

Download : http://www.killervault.com

Files : guestbook.php

Error : function dologin() {
        global $mysql, $gbpass, $gburl;
        $time = time() + 86400*365;
        if($gbpass == $mysql['pass']) {
                setcookie('kvgbcookie', $mysql['pass'], $time, '/');
        }
        header("Location: $gburl");
}

$mysql, $gbpass, $gburl

Mysql & Admin Pass & Admin Name

Prev by Date: Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
Next by Date: Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
Previous by thread: Multiple vulnerabilities in phpMyVisites
Next by thread: Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb)
Index(es):
- Date
- Thread