[VIM] WTF: BellaBiblio Admin Login Bypass

str0ke str0ke at milw0rm.com
Tue Jul 31 11:18:24 UTC 2007

He's been sending them into milw0rm for the past week, he knows they don't work.


On 7/30/07, Steven M. Christey <coley at linus.mitre.org> wrote:
> I just downloaded the source code and it's as you described.  Looks wrong
> to me, too - $admin_name etc. are hard-coded in config.php, which is
> included just before this code.  Not to mention that "administrator" isn't
> a valid md5 result :)
> - Steve

More information about the VIM mailing list