Security hole in MatrikzGB

Security hole in MatrikzGB Guestbook                                                                                   



Vulnerable Versions: 

Version 2.0 and prior 

Version 3   (not tested) 



MatrikzGB was written by Thomas Hempel for 

A bug in index.php allows a user with a regular user 

account to give administrator rights to himself. 



The bug is in the user edit function: 

Every regular user is allowed to change rights or make any modifications to existing users.

 if ($new_username != "" && $new_password != "") { 


echo "<tr><th class=\"ok\">Der Benutzer wurde angelegt!"; 



This is an example of how to give administrator rights to




Once you have administrator rights, you can look up the passwords of all other users; they are stored in plaintext.
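
One way a user edit handler could enforce the missing rights check and avoid the plaintext password storage described above. This is an added example, not MatrikzGB's code and not part of the original advisory; the function name apply_user_edit and the user-record layout are assumptions.

```php
<?php
// Added illustration, not MatrikzGB code. Function name and record layout are hypothetical.
// $actor must be loaded from the server-side session, never from request parameters.
function apply_user_edit(array $actor, array $target, array $changes): array
{
    $isAdmin = $actor['is_admin'] === true;
    $isSelf  = $actor['id'] === $target['id'];

    // Only administrators may edit someone else's account.
    if (!$isAdmin && !$isSelf) {
        throw new RuntimeException('not allowed to edit other users');
    }
    // Only administrators may change rights, including on their own account.
    if (array_key_exists('is_admin', $changes) && !$isAdmin) {
        throw new RuntimeException('not allowed to change rights');
    }
    if (isset($changes['username']) && $changes['username'] !== '') {
        $target['username'] = (string) $changes['username'];
    }
    if (array_key_exists('is_admin', $changes)) {
        $target['is_admin'] = (bool) $changes['is_admin'];
    }
    // Store a salted hash so an administrator view cannot reveal passwords.
    if (isset($changes['password']) && $changes['password'] !== '') {
        $target['password_hash'] = password_hash($changes['password'], PASSWORD_DEFAULT);
    }
    return $target;
}

// Constructed sample records.
$admin = ['id' => 1, 'username' => 'admin', 'is_admin' => true,  'password_hash' => ''];
$user  = ['id' => 2, 'username' => 'guest', 'is_admin' => false, 'password_hash' => ''];

// A regular user changing their own password is accepted.
$user = apply_user_edit($user, $user, ['password' => 'constructed-sample-pw']);
echo 'hash verifies: ', var_export(password_verify('constructed-sample-pw', $user['password_hash']), true), PHP_EOL;

// The same user requesting administrator rights is rejected.
try {
    apply_user_edit($user, $user, ['is_admin' => true]);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// An administrator may grant the right.
$user = apply_user_edit($admin, $user, ['is_admin' => true]);
echo 'is_admin after admin edit: ', var_export($user['is_admin'], true), PHP_EOL;
```
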


Vendor status: 

Vendor has been contacted. 


by Stephan "mastamorphixx" S., member of #lostkey

