CVE-2005-1787
published 2005-05-27CVE-2005-1787: setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
PriorityP353high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
12.35%
95.7th percentile
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)
exploitdb·2005-05-30
CVE-2005-1787 phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)
phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)
---
# milw0rm.com [2005-05-30]
Exploit-DB
phpStat 1.5 - 'setup.php' Authentication Bypass
exploitdb·2005-05-30
CVE-2005-1787 phpStat 1.5 - 'setup.php' Authentication Bypass
phpStat 1.5 - 'setup.php' Authentication Bypass
---
#!/usr/bin/perl
#####################################################################
#T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m
#####################################################################
# EXPLOIT FOR - PHPStat Setup.PHP Authentication Bypass Vulnerability
#
#Exploit By : A l p h a _ P r o g r a m m e r ( Sirus-v )
#E-Mail : [email protected]
#
#This Xpl Change Admin's Pass in This Portal !!
#Discovered by: SoulBlack
#
#Vulnerable Version : phpStat 1.5
#
#####################################################################
# Gr33tz To ==> mh_p0rtal , Oil_karchack , Str0ke & AlphaST.Com
#
# So Iranian Hacking & Security Teams :
#
# Crouz , Shabgard , Simorgh-ev ,IHS , Emperor & GrayHatz.NeT
########
Exploit-DB
phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)
exploitdb·2005-05-30
CVE-2005-1787 phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)
phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)
---
";
print "";
print "Username : ";
print "Password : ";
print (" \n");
print "";
//------------------------------------------------------End.
?>
# milw0rm.com [2005-05-30]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111721290726958&w=2http://secunia.com/advisories/15516http://securitytracker.com/id?1014064http://www.soulblack.com.ar/repo/papers/advisory/PhpStat_advisory.txthttp://www.soulblack.com.ar/repo/tools/sbphpstatpoc.txthttp://marc.info/?l=bugtraq&m=111721290726958&w=2http://secunia.com/advisories/15516http://securitytracker.com/id?1014064http://www.soulblack.com.ar/repo/papers/advisory/PhpStat_advisory.txthttp://www.soulblack.com.ar/repo/tools/sbphpstatpoc.txt
2005-05-27
Published