Message-ID: <20061115052831.20288.qmail@securityfocus.com>
Date: 15 Nov 2006 05:28:31 -0000
From: hack2prison@...oo.com
To: bugtraq@...urityfocus.com
Subject: Hot Links download backup authorized vulnerabilities (re-post with some edit)

Hot Links is a web directory system provided by mrcgiguy.com; it comes in a PHP+MySQL version, a Perl version, and a PHP without MySQL version.

All versions are vulnerable.

If the admin backs up the database, the backup is stored on the server and an attacker can download it without authorization:

http://[domain.ext]/[path]/dlback.php?dl=fullback for the PHP+MySQL version.

The Perl version is the same as above; you can try it.

Contacted vendor but no reply.
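A defender's check for the issue reported above, as an added example that is not part of the original post or the vendor's code: it scans web server access logs in combined log format for successful requests to dlback.php that carry a dl parameter. The sample log lines, the /links/ path and the admin_hosts allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def backup_downloads(lines, admin_hosts=frozenset()):
    """Return successful dlback.php?dl=... requests from hosts not in admin_hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        url = urlsplit(m["target"])
        # Decode the path so percent-encoded spellings of the script name still match.
        script = unquote(url.path).rsplit("/", 1)[-1].lower()
        if script != "dlback.php" or "dl" not in parse_qs(url.query):
            continue
        # Only served (200) responses to hosts outside the allowlist need review.
        if m["status"] != "200" or m["host"] in admin_hosts:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append((m["host"], m["time"], m["target"], size))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [15/Nov/2006:05:01:00 +0000] "GET /links/dlback.php?dl=fullback HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.7 - - [15/Nov/2006:05:09:12 +0000] "GET /links/dlback.php?dl=fullback HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.7 - - [15/Nov/2006:05:09:40 +0000] "GET /links/%64lback.php?dl=fullback HTTP/1.1" 200 48211 "-" "-"',
    '203.0.113.5 - - [15/Nov/2006:05:12:03 +0000] "GET /links/dlback.php?dl=fullback HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.5 - - [15/Nov/2006:05:12:30 +0000] "GET /links/index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for host, when, target, size in backup_downloads(SAMPLE, admin_hosts={"192.0.2.10"}):
        print(f"{when}  {host}  {target}  {size} bytes")
```

The access log alone cannot show whether a requester was logged in, so each hit is a candidate for review against the times the admin actually ran a backup.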