# Advisory Title: Pastebay Password Bypass 
# Date: April 18th, 2011
# Website Link: http://pastebay.com/


# -= Info =-
Pastebay is a site for free, uncensored text hosting. 


#-= The Advisory =-

Pastebay suffers from a password bypass vulnerability that allows an attacker to view any paste that is password protected, without entering a password


# -= Example =-

If you download the paste directly [raw] with http://pastebay.com/pastebay.php?dl=[PasteID]  , you bypass the need for a password.

pastebay.php?dl=   


[Password protected post]
http://pastebay.com/120838

[Direct link to paste]
http://pastebay.com/pastebay.php?dl=120838



# -= Credit =-
Discovered by Sw1tCh 


# -= Shout outs  =-
Scruffy, Griff, D00dl3, BilboFraggin's, 


-- 



Cheers,

NULL   NULL