 |
million-dollar-text-links-exploit.txt - advisories - Security advisories that I… |
 |
git clone git://jay.scot/advisories |
 |
Log |
|
Files |
|
Refs |
|
README |
|
--- |
|
million-dollar-text-links-exploit.txt (1191B) |
|
--- |
|
1 |
|
2 |
|
3 Million Dollar Text Links |
|
4 Authentication bypass |
|
5 =========================== |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 APP SUMMARY |
|
11 ____________ |
|
12 |
|
13 Now that the market is overcrowded with million dollar graphic |
|
14 pages where the users get links back to their site, here is how |
|
15 you can add your "twist" to encash the million dollar craze. |
|
16 Use this script to generate adsense revenue, promote your |
|
17 links, get backward links to your site or simply to manage your |
|
18 link exchange. |
|
19 |
|
20 |
|
21 |
|
22 IMPACT |
|
23 _______ |
|
24 |
|
25 Leads to full administration rights of the admin panel. |
|
26 |
|
27 |
|
28 |
|
29 VERSIONS |
|
30 _________ |
|
31 |
|
32 Vulnerable systems: All versions |
|
33 |
|
34 Immune systems: None |
|
35 |
|
36 |
|
37 |
|
38 DESCRIPTION #1 |
|
39 ______________ |
|
40 |
|
41 No authentication checks on the admin home page allows anyone to |
|
42 just browse to the admin contol panel and bypass the login |
|
43 procedure. |
|
44 |
|
45 |
|
46 Proof of Concept: |
|
47 -> http://www.kalptarudemos.com/demo/million/admin.home.php |
|
48 |
|
49 Fix: |
|
50 -> None given. |
|
51 |
|
52 |
|
53 |
|
54 ADDITIONAL INFO |
|
55 _______________ |
|
56 |
|
57 |
|
58 Vendor URL - http://www.cmsnx.com/product.about.php?id=12 |
|
59 Underlying OS - Linux (Any), UNIX (Any), Windows (Any) |
|
60 Credit - Jay Scott |
|
61 Message History - Vendor Contacted. |
|
62 No reply after 30 days |
