| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Mar 2011 10:56:41 -0400 From: Patrick Kelley <psworn@...il.com> To: cseye_ut@...oo.com Cc: bugtraq@...urityfocus.com Subject: Re: "Simple PHP Newsletter" Remote Admin Password Change With install path So, essentially this threat can be removed by simply deleting the "install" directory, which is common practice when installing web applications? On Tue, Mar 29, 2011 at 10:03 AM, <cseye_ut@...oo.com> wrote: > ##################################################################################### > #### "Simple PHP Newsletter" Remote Admin Password Change With #### > #### install path #### > ##################################################################################### > # # > # Author: alieye # > # # > # class : remote # > # # > # E-mail: cseye_ut@...oo.com # > # # > # greetz: C.S.Eye Security Team members # > # # > # We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers # > # # > # Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com # > ##################################################################################### > > download : http://quirm.net/download/23/ > > > Dork : intitle:"News list Administration panel" or "Simple PHP Newsletter" > > > Example : > > > 1. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php > > 2. Clean admin.php and Go to target.com/newsletter/install/install1.php or target.com/mailer/install/install1.php > > 3. Write new password for admin and click next stage > > 4. finish install > > 5. Go to url : target.com/newsletter/admin.php or target.com/mailer/admin.php > > 5. Login admin with new password > > Date : 03/29/2011 >
Powered by blists - more mailing lists