[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FileProtection Express <= 1.0.1 authentification bypass

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FileProtection Express <= 1.0.1 authentification bypass
From: zerogue@xxxxxxxxx
Date: 2 May 2006 14:32:35 -0000

FileProtection Express <= 1.0.1 authentification bypass

Discovered by: Nomenumbra
Date: 5/2/2006
impact:high (privilege escalation,full file access)

Ok, this is absurd, the only form of authentification to the Admin panel is 
controlled by
a cookie value. Use firefox CookieEditor extension for example and make a 
cookie of the target 
domain containing a value called Admin and set it to 1 (I really wonder if the 
word security is
actually in the dictionary you know...)

Nomenumbra/[0x4F4C]

Prev by Date: SF-Users V1.0 XSS injection
Next by Date: Russcom.net Loginphp multiple vulnerabilties
Previous by thread: SF-Users V1.0 XSS injection
Next by thread: Russcom.net Loginphp multiple vulnerabilties
Index(es):
- Date
- Thread