[VIM] WTF: BellaBiblio Admin Login Bypass
George A. Theall
theall at tenablesecurity.com
Tue Jul 31 00:19:37 UTC 2007
I must be losing it... ilker kandemir posted a recent advisory to
SecurityFocus about a way to bypass authentication in BellaBiblio:
http://www.securityfocus.com/archive/1/475103/30/0/threaded
quotes the following code snippet:
if (isset($_COOKIE['bellabiblio'])) {
if ($_COOKIE['bellabiblio'] == md5($admin_name.$admin_pass.$secret)) {
if (isset($_GET['ap'])) $page = $_GET['ap']; else $page = "";
and then says you just need to set the 'bellabiblio' cookie to
'administrator' when calling the admin.php to bypass authentication.
Hello? md5() returns a 32-byte hash, so how in the world can that ever
equal 'administrator'??? So unless I'm having a really bad start to the
week, it looks like Bugtraq 25140 is bogus.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list