LinksCaffe no checker at admin


 



Gonafish.com LinksCaffe 3.0 is a free link indexing directory. We found that the file admin1953.php can be accessed directly to get full administration rights without a password or username.

Proof of exploit:
http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php

Or the mirrored images:
http://vietnamsecurity.googlepages.com/1.JPG
http://vietnamsecurity.googlepages.com/2.JPG
http://vietnamsecurity.googlepages.com/3.JPG

Affected:
LinksCaffe 2.0, 3.0; Pro not tested

Fix: Easy to fix, just add an authentication check to the file

HoangYenXinhDep
Vietnam Security Team
http://www.vnsecurity.com
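
One way to add the missing check, as an added example that is not part of the original advisory and not LinksCaffe's own code. It assumes PHP 7.3 or later and a separate login script; the file name auth_guard.php, the login page name, the session keys and the timeout value are all hypothetical.

```php
<?php
// auth_guard.php (hypothetical file name; added example, not LinksCaffe code).
// Include it as the first statement of every script under Admin/, e.g. at the
// top of admin1953.php:  require __DIR__ . '/auth_guard.php';

const ADMIN_IDLE_TIMEOUT = 900;          // seconds; assumed policy value
const ADMIN_LOGIN_PAGE   = 'login.php';  // hypothetical login script

session_set_cookie_params([
    'httponly' => true,                      // keep the cookie away from scripts
    'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when the site uses TLS
    'samesite' => 'Strict',
]);
session_start();

function admin_session_is_valid(array $session, int $now): bool
{
    // The flag must be set only by the login script, after the password
    // has been verified. A strict comparison rejects truthy junk values.
    if (($session['admin_authenticated'] ?? false) !== true) {
        return false;
    }
    // Reject sessions that have been idle for too long.
    $last = $session['admin_last_seen'] ?? 0;
    return is_int($last) && ($now - $last) <= ADMIN_IDLE_TIMEOUT;
}

if (!admin_session_is_valid($_SESSION, time())) {
    // Drop any existing state, send the visitor to the login form, and stop.
    // Without the exit, PHP keeps executing and the admin page below this
    // include would still run and be sent along with the redirect.
    $_SESSION = [];
    session_destroy();
    header('Location: ' . ADMIN_LOGIN_PAGE, true, 302);
    exit;
}

// Valid session: refresh the idle timer and let the admin script continue.
$_SESSION['admin_last_seen'] = time();
```

The login script is expected to call session_regenerate_id(true) and set both session keys only after password_verify() succeeds. Every file in the Admin directory needs the include, since any script left without it stays directly reachable.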

