[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

KvGuestbook Remote Add Admin Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: KvGuestbook Remote Add Admin Exploit
From: crazy_king@xxxxxxxx
Date: 11 Feb 2007 12:37:26 -0000

Version : 1.0 Beta

Download : http://www.killervault.com

Files : guestbook.php

Error : function dologin() {
        global $mysql, $gbpass, $gburl;
        $time = time() + 86400*365;
        if($gbpass == $mysql['pass']) {
                setcookie('kvgbcookie', $mysql['pass'], $time, '/');
        }
        header("Location: $gburl");
}

$mysql, $gbpass, $gburl

Mysql & Admin Pass & Admin Name

Prev by Date: Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
Next by Date: Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)
Previous by thread: Multiple vulnerabilities in phpMyVisites
Next by thread: Arbitrary file disclosure vulnerability in php rrd browser < 0.2.1 (prb)
Index(es):
- Date
- Thread