million-dollar-text-links-exploit.txt - advisories - Security advisories that I have released to the public.
(HTM) git clone git://jay.scot/advisories
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
million-dollar-text-links-exploit.txt (1191B)
---
1
2
3 Million Dollar Text Links
4 Authentication bypass
5 ===========================
6
7
8
9
10 APP SUMMARY
11 ____________
12
13 Now that the market is overcrowded with million dollar graphic
14 pages where the users get links back to their site, here is how
15 you can add your "twist" to encash the million dollar craze.
16 Use this script to generate adsense revenue, promote your
17 links, get backward links to your site or simply to manage your
18 link exchange.
19
20
21
22 IMPACT
23 _______
24
25 Leads to full administration rights of the admin panel.
26
27
28
29 VERSIONS
30 _________
31
32 Vulnerable systems: All versions
33
34 Immune systems: None
35
36
37
38 DESCRIPTION #1
39 ______________
40
41 No authentication checks on the admin home page allows anyone to
42 just browse to the admin contol panel and bypass the login
43 procedure.
44
45
46 Proof of Concept:
47 -> http://www.kalptarudemos.com/demo/million/admin.home.php
48
49 Fix:
50 -> None given.
51
52
53
54 ADDITIONAL INFO
55 _______________
56
57
58 Vendor URL - http://www.cmsnx.com/product.about.php?id=12
59 Underlying OS - Linux (Any), UNIX (Any), Windows (Any)
60 Credit - Jay Scott
61 Message History - Vendor Contacted.
62 No reply after 30 days