Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing
From: "imei Addmimistrator" <addmimistrator@xxxxxxxxx>
Date: Thu, 16 Aug 2007 21:00:17 +0430
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=ZCXcFTQ/KVGLMsGnn5lp6oSQhk8T7T5Cy/ekMCcj0T+Z+4hyfPwoeeLG3yqPQNoFQSxfG8nszNUnd6NXAcuG9dI0sZB5ukxF1Jr1OxCSnWdSFELXxReDafCIcUZtZ5xoBiOGs9DU8kZy1R+BJ9QF7di3fRJWVHPP8hySZjen5sc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=I60hyGNY5qwLJnvE99QudM+RgP8NCGM9ZoIl+hRxK28xyJXNTtvqwZUruHC4xmY+9yJzp0CyxBEdQBikQWi8+gGyD7sHwzkPqdqUH7/3FiYXoO/AkVa1+kJLFslxEjYoQkRIfc6eM24wFKFmLA+EKw/2P47tVwySks+Pgj/gg6A=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

VISIT ORIGINAL LINK FOR MORE DETAILES
http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html
VISIT ORIGINAL LINK FOR MORE DETAILES

oftware: Olate Download
 Sowtware's Web Site: http://www.olate.co.uk/
 Versions: 3.4.1
 Status: Unpatched
 Exploit: Available
 Solution: Not Available
 Discovered by: imei addmimistrator
 Risk Level: High
 —————–Description—————
 There is some flews in Olate Download software, one of the popular
files' links list, Ideal for download sites, that results to bypassing
authentication of site's admin. An attacker can gain access to Admin
area have full control permissions to maintaing entire site.


VISIT ORIGINAL LINK FOR MORE DETAILES
http://myimei.com/security/2007-08-16/olate-download-341adminphpauthentication-bypassing.html
VISIT ORIGINAL LINK FOR MORE DETAILES


-- 
imei Addmimistrator
Visit my SeQrity Homepage at:
http://myimei.com/security

Prev by Date: Re: Trackeur v.1 Remote File İnclude Bug
Next by Date: MS07-042 XMLDOM substringData() PoC
Previous by thread: [USN-498-1] libvorbis vulnerabilities
Next by thread: Re: Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing
Index(es):
- Date
- Thread