[VIM] WTF: BellaBiblio Admin Login Bypass

George A. Theall theall at tenablesecurity.com
Tue Jul 31 00:19:37 UTC 2007

I must be losing it... ilker kandemir posted a recent advisory to 
SecurityFocus about a way to bypass authentication in BellaBiblio:


quotes the following code snippet:

   if (isset($_COOKIE['bellabiblio'])) {
       if ($_COOKIE['bellabiblio'] == md5($admin_name.$admin_pass.$secret)) {
           if (isset($_GET['ap'])) $page = $_GET['ap']; else $page = "";

and then says you just need to set the 'bellabiblio' cookie to 
'administrator' when calling the admin.php to bypass authentication.
Hello? md5() returns a 32-byte hash, so how in the world can that ever 
equal 'administrator'??? So unless I'm having a really bad start to the 
week, it looks like Bugtraq 25140 is bogus.

theall at tenablesecurity.com