Liens_Dynamiques AdminLien.PHP Security Restriction Bypass Vulnerability
BID:22068
Info
Liens_Dynamiques AdminLien.PHP Security Restriction Bypass Vulnerability
| Bugtraq ID: | 22068 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2007 12:00AM |
| Updated: | Jan 16 2007 08:00PM |
| Credit: | sn0oPy is credited with the discovery of this vulnerability. |
| Vulnerable: |
liens_dynamiques liens_dynamiques 2.1 |
| Not Vulnerable: | |
Discussion
Liens_Dynamiques AdminLien.PHP Security Restriction Bypass Vulnerability
The 'liens_dynamiques' program is prone to a vulnerability that lets attackers bypass security restrictions.
An attacker can exploit this issue to gain unauthorized access to the administrative functions of the vulnerable application. Other attacks may also be possible.
Version 2.1 is vulnerable to this issue; other versions may also be affected.
The 'liens_dynamiques' program is prone to a vulnerability that lets attackers bypass security restrictions.
An attacker can exploit this issue to gain unauthorized access to the administrative functions of the vulnerable application. Other attacks may also be possible.
Version 2.1 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Liens_Dynamiques AdminLien.PHP Security Restriction Bypass Vulnerability
Attackers can exploit this issue via a browser.
An example URI has been provided:
http://www.example.com/liens_dynamiques/admin/adminlien.php3
Attackers can exploit this issue via a browser.
An example URI has been provided:
http://www.example.com/liens_dynamiques/admin/adminlien.php3
Solution / Fix
Liens_Dynamiques AdminLien.PHP Security Restriction Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Liens_Dynamiques AdminLien.PHP Security Restriction Bypass Vulnerability
References:
References:
- liens_dynamiques Web Site (liens_dynamiques)
- liens_dynamiques xss and admin authentification ([email protected])