
LinksCaffe: no access check on admin page


Gonafish.com LinksCaffe 3.0 is a free link-indexing directory. We found that the file admin1953.php can be accessed directly, which gives full administration rights without a username or password.

Proof of exploit:
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php

Or see the mirrored screenshots:
http://vietnamsecurity.googlepages.com/1.JPG
http://vietnamsecurity.googlepages.com/2.JPG
http://vietnamsecurity.googlepages.com/3.JPG

Affected:
LinksCaffe 2.0 and 3.0; the Pro version was not tested

Fix: Easy to fix, just add an access check to the file.

HoangYenXinhDep
Vietnam Security Team
http://www.vnsecurity.com
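
One way to add the access check the advisory calls for, as an added example that is not LinksCaffe code and not part of the original message. It assumes a session-based login; the file name `admin_guard.php`, the `login.php` page, and the session keys are hypothetical.

```php
<?php
// admin_guard.php (hypothetical file name): include this at the very top of
// every script under Admin/, before any output or privileged action runs.
declare(strict_types=1);

// Harden the session cookie before the session starts.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,      // assumes the admin area is served over HTTPS
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

const ADMIN_SESSION_KEY = 'linkscaffe_admin'; // hypothetical session key
const ADMIN_IDLE_LIMIT  = 900;                // seconds of inactivity allowed

function deny_and_exit(): void
{
    // Drop any partial session state and send the visitor to the login form.
    $_SESSION = [];
    session_destroy();
    header('Location: login.php', true, 302); // hypothetical login page
    exit; // stop here so none of the admin script below executes
}

// 1. The session must have been marked as admin by the login handler.
//    Strict comparison: a missing key or any non-true value is rejected.
if (($_SESSION[ADMIN_SESSION_KEY] ?? false) !== true) {
    deny_and_exit();
}

// 2. Expire sessions that have been idle for too long.
$lastSeen = (int) ($_SESSION['last_seen'] ?? 0);
if (time() - $lastSeen > ADMIN_IDLE_LIMIT) {
    deny_and_exit();
}
$_SESSION['last_seen'] = time();
```

The guard only helps if every script in the admin directory includes it first, for example `require __DIR__ . '/admin_guard.php';` as the first statement of admin1953.php. The login handler is expected to set the session key and `last_seen` only after verifying credentials, and to call `session_regenerate_id(true)` at that point.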

