<<< Date Index >>>     <<< Thread Index >>>

KvGuestbook Remote Add Admin Exploit



Version : 1.0 Beta

Download : http://www.killervault.com

Files : guestbook.php

Error : function dologin() {
        global $mysql, $gbpass, $gburl;
        $time = time() + 86400*365;
        if($gbpass == $mysql['pass']) {
                setcookie('kvgbcookie', $mysql['pass'], $time, '/');
        }
        header("Location: $gburl");
}

$mysql, $gbpass, $gburl

Mysql & Admin Pass & Admin Name