header-logo
Suggest Exploit
vendor:
simplePHPWeb
by:
SirGod
7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: simplePHPWeb
Affected Version From: 0.2
Affected Version To: 0.2
Patch Exists: NO
Related CWE: N/A
CPE: simplephpweb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

simplePHPWeb 0.2 Authentication Bypass Vulnerability

A vulnerability in simplePHPWeb 0.2 allows an attacker to bypass authentication and access the admin panel without any login credentials. This is achieved by accessing the files.php page in the admin directory.

Mitigation:

Ensure that authentication is properly implemented and enforced for all admin pages.
Source

Exploit-DB raw data:

##################################################################
[+] simplePHPWeb 0.2 Authentication Bypass Vulnerability
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
[+] download : http://sourceforge.net/projects/simplephpweb/files/simplephpweb/simplephpweb-v0.2/simplephpweb-v0.2.zip/download
##################################################################

[+] Authentication Bypass Vulnerability

 - No login required to access admin panel

 - PoC

   http://127.0.0.1/[path]/admin/files.php

##################################################################

# milw0rm.com [2009-08-03]

Navigation

Suggest Exploit

Services By CQR