bugtraq - Web Directory Pro bypass Vulnerabilities

lists.openwall.net		lists / announce john-users owl-users popa3d-users / xvendor oss-security / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4
Open Source and information security mailing list archives

This website is powered by Openwall GNU/*/Linux security-enhanced OS

[<prev] [next>] [month] [year] [list]

Date: 4 Nov 2006 01:58:50 -0000
From: hack2prison@...oo.com
To: bugtraq@...urityfocus.com
Subject: Web Directory Pro bypass Vulnerabilities

Web Directory Pro is product of hostingfrenzy.com I check latest version and detect some security holes, attackers can backup database or re-config system:
1. Backup database:
http://[domain]/[path]/admin/backup_db.php
2. Re-config system:
http://[domain]/[path]/admin/options.php
Note: If IE cannot download bacup file, you can use firefox.
The vendor was fixed but more sites can exploit.