Gonafish.com LinksCaffe 3.0 is free link indexing directory, we found that the file admin1953.php can be accessed directly to get full administration rights without password and username. Proof of exploit: http://www.example.com/[path_to_linksCaffe]/Admin/admin1953.php Or the images of mirror http://vietnamsecurity.googlepages.com/1.JPG http://vietnamsecurity.googlepages.com/2.JPG http://vietnamsecurity.googlepages.com/3.JPG Affected LinksCaffe 2.0, 3.0, Pro no test Fix : Easy to fix, just put checker to the file HoangYenXinhDep Vietnam Security Team http://www.vnsecurity.com
